Windows has encountered a critical problem and will restart automatically in one minute. Please save

Solved
By Mattk11
Aug 2, 2012
  1. I am running Windows 7 on my old HP laptop and have not had any problems with it at all until now. Yesterday I noticed that a Norton anti virus window would pop up and tell me I had problems and I should download and buy their software to fix it. I already had Windows Security Essentials but it wasn't turned on. I tried to activate WSE but it wouldn't work so I uninstalled it, then I uninstalled the Norton that mysteriously appeared on my laptop. Then I redownloaded Microsoft Security Essentials and tried to activate it. When it started, I got this message:

    Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

    I looked at the pinned directions, but I'm not able to start anything or scan anything because my laptop just automatically restarts before I can do anything.

    I've tried hitting F8 and chose "Disable automatic restart" but I still got the error. Then I hit F8 and chose safe mode but still got the message.

    Not sure what to do because I cannot run a scan or keep it from restarting.

    Thanks
  2. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  3. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    I downloaded and saved the 32 bit version of frst to my memory stick. I used the advance boot options. After running notepad, I discovered that the memory stick is the "F" drive. I followed these instructions exactly and when I put in the F:\frst.exe I get a message back that says:

    The subsystem needed to support thisimage type is not present.

    I was unable to enter this set-up using the Win7 disk.
  4. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Wait, using the 64 bit version is working...............
  5. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 03-08-2012 09:45:52
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [120320 2007-09-14] (Synaptics, Inc.)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\MattK\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
    HKU\MattK\...\Run: [Google Update] "C:\Users\MattK\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-21] (Google Inc.)
    HKU\MattK\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17417904 2012-07-03] (Skype Technologies S.A.)
    HKU\MattK\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\MattK\...\Run: [AdobeBridge] [x]
    Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
    ==================== Services (Whitelisted) ======
    2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
    2 Irmon; C:\Windows\System32\irmon.dll [23552 2009-07-13] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 NfsClnt; C:\Windows\System32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    3 StumbleUponUpdateService; "C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe" [105672 2011-09-30] (stumbleupon.com)
    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
    ========================== Drivers (Whitelisted) =============
    3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [402432 2008-04-24] (Analog Devices, Inc.)
    2 irda; C:\Windows\System32\Drivers\irda.sys [120320 2009-07-13] (Microsoft Corporation)
    3 NfsRdr; C:\Windows\System32\Drivers\NfsRdr.sys [246272 2010-11-20] (Microsoft Corporation)
    3 RpcXdr; C:\Windows\System32\Drivers\RpcXdr.sys [104960 2010-11-20] (Microsoft Corporation)
    3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-08-03 09:39 - 2012-08-03 09:39 - 00000000 ____D C:\FRST
    2012-08-03 06:25 - 2012-08-03 06:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAEACAAFE787C68F
    2012-08-03 06:25 - 2012-08-03 06:25 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxflhouo.sys
    2012-08-03 06:22 - 2012-08-03 06:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E4F39965E21C7F6
    2012-08-03 06:18 - 2012-08-03 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9111BA2FA11C53DA
    2012-08-03 06:12 - 2012-08-03 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E3988DAD57C33C2
    2012-08-03 05:54 - 2012-08-03 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83D86AA65D2882DA
    2012-08-02 04:05 - 2012-08-02 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFBF99538297A81
    2012-08-02 03:44 - 2012-08-02 03:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B03314A53CAC5343
    2012-08-02 03:41 - 2012-08-02 03:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB9502B747DD947F
    2012-08-02 03:38 - 2012-08-02 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.283098B65BFCCD7F
    2012-08-02 03:34 - 2012-08-02 03:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE19A90C14592CB
    2012-08-02 03:32 - 2012-08-02 03:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33EF03CA7700BD56
    2012-08-02 03:29 - 2012-08-02 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA9E80FB5FA9C79
    2012-08-02 03:27 - 2012-08-02 03:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A37297B7AFB3740
    2012-08-02 03:24 - 2012-08-02 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.321B547DF6B81C41
    2012-08-02 03:21 - 2012-08-02 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1F4A13FB07749
    2012-08-02 03:18 - 2012-08-02 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE732EBEDF684671
    2012-08-02 03:16 - 2012-08-02 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E2067CFB24A51B
    2012-08-02 03:13 - 2012-08-02 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC22F3B63249298
    2012-08-02 03:11 - 2012-08-02 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F59426F21092A259
    2012-08-02 03:08 - 2012-08-02 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79C72E3A81AB659
    2012-08-02 03:05 - 2012-08-02 03:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D09342258975EEDF
    2012-08-02 03:02 - 2012-08-02 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8
    2012-08-02 02:59 - 2012-08-02 02:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB7481F667A2F54
    2012-08-02 02:56 - 2012-08-02 02:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.687214882F642C44
    2012-08-02 02:50 - 2012-08-02 02:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A389346A41C4B6B
    2012-08-02 02:47 - 2012-08-02 02:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E20DEE647728EEB
    2012-08-02 02:45 - 2012-08-02 02:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3AF53DD9B06B235
    2012-08-02 02:42 - 2012-08-02 02:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.528D5DA1D14332DE
    2012-08-02 02:39 - 2012-08-02 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DC33A5A0FBA1369
    2012-08-02 02:37 - 2012-08-02 02:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AEEB722910C84175
    2012-08-02 02:34 - 2012-08-02 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0C99CD8B6EB29C4
    2012-08-02 02:31 - 2012-08-02 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5960297848E68FC5
    2012-08-02 02:29 - 2012-08-02 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.39DE16FD8384686D
    2012-08-02 02:26 - 2012-08-02 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BAA367B6B64571F1
    2012-08-02 02:24 - 2012-08-02 02:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B27628944C12F703
    2012-08-02 02:18 - 2012-08-02 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29FC9E61EB1B7C6
    2012-08-02 02:15 - 2012-08-02 02:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1D4ED5D66D65413
    2012-08-02 02:13 - 2012-08-02 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24DE82605635B81B
    2012-08-02 02:10 - 2012-08-02 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E41E037F0AFCCD4A
    2012-08-02 02:08 - 2012-08-02 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.122A5E1E54AE5ED2
    2012-08-02 02:05 - 2012-08-02 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9742DC30B0311E00
    2012-08-02 02:03 - 2012-08-02 02:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7159B463D1C5FE20
    2012-08-02 02:00 - 2012-08-02 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A525FB6F6319F7EF
    2012-08-02 01:57 - 2012-08-02 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C3E4BA915F702E
    2012-08-02 01:54 - 2012-08-02 01:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64EF27F40D682F7
    2012-08-02 01:51 - 2012-08-02 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4985E93A8A5F674
    2012-08-02 01:49 - 2012-08-02 01:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA1735DDB584FAEB
    2012-08-02 01:40 - 2012-08-02 01:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59A2A60A6311803B
    2012-08-02 01:38 - 2012-08-02 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A4AC2A8C91DAD65
    2012-08-02 01:35 - 2012-08-02 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABD326F42F07624
    2012-08-02 01:32 - 2012-08-02 01:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.425385496B36D13E
    2012-08-02 01:29 - 2012-08-02 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14523C6E8170B64D
    2012-08-02 01:26 - 2012-08-02 01:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D011AA9C2F1DDA6D
    2012-08-02 01:23 - 2012-08-02 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE650F1C034B2962
    2012-08-02 01:21 - 2012-08-02 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F152D54FEA96A54
    2012-08-02 01:18 - 2012-08-02 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EEE1C5962E7C7D18
    2012-08-02 01:15 - 2012-08-02 01:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB12AAECC3C0573
    2012-08-02 01:13 - 2012-08-02 01:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.732D2908EB80F490
    2012-08-02 01:10 - 2012-08-02 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AD311E264369345
    2012-08-02 01:07 - 2012-08-02 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7603D803F7FF7E95
    2012-08-02 01:04 - 2012-08-02 01:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D0C0BD1DAEDC287
    2012-08-02 01:02 - 2012-08-02 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FAA53174069E117
    2012-08-02 00:56 - 2012-08-02 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAEA68937437AC0
    2012-08-02 00:43 - 2012-08-02 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.164D00AEC9A7F87D
    2012-08-02 00:40 - 2012-08-02 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07E46FBBB0F23A63
    2012-08-02 00:37 - 2012-08-02 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CFA7F46FE59DF4A
    2012-08-02 00:35 - 2012-08-02 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E6064420F94D8E
    2012-08-02 00:32 - 2012-08-02 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4557614E7FBCA38F
    2012-08-02 00:28 - 2012-08-02 00:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE447090B88B6140
    2012-08-02 00:26 - 2012-08-02 00:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9FC033005D9CEB7
    2012-08-02 00:23 - 2012-08-02 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C93B32663A461C
    2012-08-02 00:20 - 2012-08-02 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB51642D65A6AED
    2012-08-02 00:18 - 2012-08-02 00:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E0FC74C1EC0332
    2012-08-02 00:15 - 2012-08-02 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CFB6835567BB57F
    2012-08-02 00:12 - 2012-08-02 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661AAECD479867FC
    2012-08-02 00:09 - 2012-08-02 00:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CA104CB6B20223
    2012-08-02 00:06 - 2012-08-02 00:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DD94C9B17A66FAF
    2012-08-02 00:04 - 2012-08-02 00:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16686CF02F23027F
    2012-08-02 00:01 - 2012-08-02 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4167AE9B0C050290
    2012-08-01 23:59 - 2012-08-01 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B273584CB58979
    2012-08-01 23:55 - 2012-08-01 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614D4E9243E4F92E
    2012-08-01 23:52 - 2012-08-01 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3C8733D05F8DD51
    2012-08-01 23:49 - 2012-08-01 23:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D00D5357E4AF8B1E
    2012-08-01 23:46 - 2012-08-01 23:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59
    2012-08-01 23:44 - 2012-08-01 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F84FFDFFC6BCA91
    2012-08-01 23:41 - 2012-08-01 23:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.611F6DF78FECF8DF
    2012-08-01 23:36 - 2012-08-01 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96
    2012-08-01 23:33 - 2012-08-01 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85EA4C9C0FF97D4A
    2012-08-01 23:31 - 2012-08-01 23:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3363AA46023FF692
    2012-08-01 23:29 - 2012-08-01 23:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA9C0FF669B88EC4
    2012-08-01 23:26 - 2012-08-01 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D5FA15A6BD25007
    2012-08-01 23:22 - 2012-08-01 23:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCB91B31723180D6
    2012-08-01 23:19 - 2012-08-01 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40C90D8BD647F6F
    2012-08-01 23:17 - 2012-08-01 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C420B175B33DAD4
    2012-08-01 23:15 - 2012-08-01 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADD49242DC72885E
    2012-08-01 23:12 - 2012-08-01 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF6AA2BDD1925292
    2012-08-01 23:10 - 2012-08-01 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3840E6DC9293A846
    2012-08-01 23:07 - 2012-08-01 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5913E98792C7A9D
    2012-08-01 22:59 - 2012-08-01 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C506211357A9A94
    2012-08-01 22:57 - 2012-08-01 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53A31E5E79F082D9
    2012-08-01 22:54 - 2012-08-01 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAF388D99072CD8B
    2012-08-01 22:52 - 2012-08-01 22:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A71DFCCD88E0C172
    2012-08-01 22:49 - 2012-08-01 22:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B1E9CC6DF25639
    2012-08-01 22:47 - 2012-08-01 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.105C604F2EF4E085
    2012-08-01 22:44 - 2012-08-01 22:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51A47559531877FB
    2012-08-01 22:39 - 2012-08-01 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E667505CDC044B4E
    2012-08-01 22:37 - 2012-08-01 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C6A432EE076E48
    2012-08-01 22:34 - 2012-08-01 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE186F5347687056
    2012-08-01 22:31 - 2012-08-01 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E1AF63FAE598301
    2012-08-01 22:28 - 2012-08-01 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10950AD09488E3C9
    2012-08-01 22:26 - 2012-08-01 22:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.727CD3E397711FBD
    2012-08-01 22:23 - 2012-08-01 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD64AE2A600D9E96
    2012-08-01 22:21 - 2012-08-01 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C30F20A5DC977B
    2012-08-01 22:16 - 2012-08-01 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.679BFC1BB9030927
    2012-08-01 22:13 - 2012-08-01 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0014A19341F446C3
    2012-08-01 22:10 - 2012-08-01 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0AC70939866BFB9
    2012-08-01 22:07 - 2012-08-01 22:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F70ACD587B17A2D
    2012-08-01 22:04 - 2012-08-01 22:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2EA7C9FC2E7156E
    2012-08-01 22:01 - 2012-08-01 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DEF15AD666AD9FF
    2012-08-01 21:59 - 2012-08-01 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1918A9640383714C
    2012-08-01 21:56 - 2012-08-01 21:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5402D42734D03253
    2012-08-01 21:54 - 2012-08-01 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B014E7746B69BB5C
    2012-08-01 21:51 - 2012-08-01 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94929C660C1FD1D4
    2012-08-01 21:48 - 2012-08-01 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EF7704FA9D20E1B
    2012-08-01 21:45 - 2012-08-01 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F388D241C2191134
    2012-08-01 21:42 - 2012-08-01 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A04D9D20D033A5BB
    2012-08-01 21:39 - 2012-08-01 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9C3C0CD22146FAF
    2012-08-01 21:37 - 2012-08-01 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03FFBFFA76C511AA
    2012-08-01 21:34 - 2012-08-01 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.108C453C32538CE9
    2012-08-01 21:31 - 2012-08-01 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AB28B14A4258C2A
    2012-08-01 21:27 - 2012-08-01 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD82583D218B144C
    2012-08-01 21:25 - 2012-08-01 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47FF61110861FD93
    2012-08-01 21:22 - 2012-08-01 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2A4DCCD093442F2
    2012-08-01 21:20 - 2012-08-01 21:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1078064C81A54B58
    2012-08-01 21:17 - 2012-08-01 21:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79D07146B253AB00
    2012-08-01 21:12 - 2012-08-01 21:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A77C38DF3F8DF5B
    2012-08-01 21:10 - 2012-08-01 21:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.450418ED28DDD245
    2012-08-01 21:07 - 2012-08-01 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A013C9220DD8DFA
    2012-08-01 21:02 - 2012-08-01 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06EBF1CC5E0B75D4
    2012-08-01 20:59 - 2012-08-01 20:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF7F7AFB4DFA790C
    2012-08-01 20:56 - 2012-08-01 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE800A2ABA43F24C
    2012-08-01 20:53 - 2012-08-01 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11DA6FD0CE63C16E
    2012-08-01 20:50 - 2012-08-01 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DD48C1A7C050B6
    2012-08-01 20:48 - 2012-08-01 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C471C03152E1B3
    2012-08-01 20:46 - 2012-08-01 20:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3816B138406EF55
    2012-08-01 20:43 - 2012-08-01 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A66F14526025BAE
    2012-08-01 20:41 - 2012-08-01 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F20BF6937A603056
    2012-08-01 20:38 - 2012-08-01 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E91FCF0C3369A279
    2012-08-01 20:36 - 2012-08-01 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.806535E31760765E
    2012-08-01 20:33 - 2012-08-01 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F559AE5FDEDCB1
    2012-08-01 20:31 - 2012-08-01 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE25DCA304633506
    2012-08-01 20:27 - 2012-08-01 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C3635234BBE6D9F
    2012-08-01 20:25 - 2012-08-01 20:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B4A08F65E6BE9F
    2012-08-01 20:22 - 2012-08-01 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27B1D73589D1C2DA
    2012-08-01 20:20 - 2012-08-01 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FA2801141B53E39
    2012-08-01 20:17 - 2012-08-01 20:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E464B8FC0107FC3E
    2012-08-01 20:15 - 2012-08-01 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2E27867A9E999F1
    2012-08-01 20:12 - 2012-08-01 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1541ADBDA750577A
    2012-08-01 20:10 - 2012-08-01 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0328FC39D608ABF1
    2012-08-01 20:06 - 2012-08-01 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90F7EE4EB1D5E02F
    2012-08-01 20:04 - 2012-08-01 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EAAA88BFB5308D
    2012-08-01 20:01 - 2012-08-01 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14410C837950975D
    2012-08-01 19:58 - 2012-08-01 19:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF6CF736CA4EA728
    2012-08-01 19:56 - 2012-08-01 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91D5ACB29237EC45
    2012-08-01 19:53 - 2012-08-01 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80E41D62A2707FA
    2012-08-01 19:49 - 2012-08-01 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D24A5380615DC3E
    2012-08-01 19:47 - 2012-08-01 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE376ECF4C875275
    2012-08-01 19:44 - 2012-08-01 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E483E6825B6D8295
    2012-08-01 19:42 - 2012-08-01 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC3413C7D34B109
    2012-08-01 19:39 - 2012-08-01 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B3F557EC4182A8
    2012-08-01 19:34 - 2012-08-01 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71868BE536497452
    2012-08-01 19:31 - 2012-08-01 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F90B2F01D11BB6B
    2012-08-01 19:29 - 2012-08-01 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D8F2C9B40D0859B
    2012-08-01 19:25 - 2012-08-01 19:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5955C4F362257FE3
    2012-08-01 19:23 - 2012-08-01 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3C8A475B854FDB1
    2012-08-01 19:20 - 2012-08-01 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D412545A67F4083C
    2012-08-01 19:18 - 2012-08-01 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B050F9C9D882F6A4
    2012-08-01 19:15 - 2012-08-01 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.950F767B185E03B4
    2012-08-01 19:13 - 2012-08-01 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBD51F87895F6043
    2012-08-01 19:11 - 2012-08-01 19:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58B181379F5F7276
    2012-08-01 19:08 - 2012-08-01 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF063EE80E2F420F
    2012-08-01 19:06 - 2012-08-01 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65136D1FDCB47772
    2012-08-01 19:03 - 2012-08-01 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F88A215B0FA4F00
    2012-08-01 19:00 - 2012-08-01 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6713F9D40F3D00E7
    2012-08-01 18:57 - 2012-08-01 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9ABE2014D9CD438
    2012-08-01 18:54 - 2012-08-01 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA
    2012-08-01 18:51 - 2012-08-01 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E23300116868299
    2012-08-01 18:48 - 2012-08-01 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75969E90459225D8
    2012-08-01 18:43 - 2012-08-01 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02CBDDB49335DCA2
    2012-08-01 18:40 - 2012-08-01 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.74BE45840965E688
    2012-08-01 18:37 - 2012-08-01 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA961D6577E38D4D
    2012-08-01 18:35 - 2012-08-01 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC281F03A05862D4
    2012-08-01 18:33 - 2012-08-01 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79A32A2AC6FAFA63
    2012-08-01 18:27 - 2012-08-01 18:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50CB5C6F78322DAA
    2012-08-01 18:12 - 2012-08-01 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5127EF7252E7874
    2012-08-01 18:04 - 2012-08-01 18:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.21A3C9D408CD73DF
    2012-08-01 18:00 - 2012-08-01 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7018D534506B337
    2012-08-01 17:58 - 2012-08-01 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5BF3B8834CF1C5B
    2012-08-01 17:55 - 2012-08-01 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37D6430C6EAC5BB1
    2012-08-01 17:53 - 2012-08-01 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55
    2012-08-01 17:50 - 2012-08-01 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93C3436349025B86
    2012-08-01 17:46 - 2012-08-01 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E58B55EAB94D4B2C
    2012-08-01 17:40 - 2012-08-01 17:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.150AE20EB6783123
    2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD180896CE71B1A8
    2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5
    2012-08-01 17:32 - 2012-08-01 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A19E180FA658C5E
    2012-08-01 17:30 - 2012-08-01 17:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB2220710F868E1
    2012-08-01 17:27 - 2012-08-01 17:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B40C9070C1D5A1B8
    2012-08-01 17:24 - 2012-08-01 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5F52720A18AE7DF
    2012-08-01 17:21 - 2012-08-01 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.442F30237FA9B2A6
    2012-08-01 17:19 - 2012-08-01 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493D11F83FEC41B
    2012-08-01 17:17 - 2012-08-01 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.053E351A1D7ED66B
    2012-08-01 17:14 - 2012-08-01 17:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB147E03CD9A0CE5
    2012-08-01 17:12 - 2012-08-01 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D06977DCFB03A80
    2012-08-01 17:09 - 2012-08-01 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9295F5C6D3BFF747
    2012-08-01 17:06 - 2012-08-01 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.699976F3B025FF87
    2012-08-01 17:03 - 2012-08-01 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB1FF8864FCA4FB
    2012-08-01 17:01 - 2012-08-01 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A91062709B51957
    2012-08-01 16:58 - 2012-08-01 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E574C91D2D1B280
    2012-08-01 16:56 - 2012-08-01 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC68A6D4EA4DEA52
    2012-08-01 16:53 - 2012-08-01 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D294661BC47DB210
    2012-08-01 16:51 - 2012-08-01 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40702460CA71393
    2012-08-01 16:48 - 2012-08-01 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFCDBE48BBB7B76C
    2012-08-01 16:45 - 2012-08-01 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC
    2012-08-01 16:43 - 2012-08-01 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.710532FA6C59B690
    2012-08-01 16:40 - 2012-08-01 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2523BAC499D736D8
    2012-08-01 16:38 - 2012-08-01 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B4FDC7848D366C
    2012-08-01 16:36 - 2012-08-01 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E05B434EBC7028D
    2012-08-01 16:32 - 2012-08-01 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D575F5BF31BB199
    2012-08-01 16:30 - 2012-08-01 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FC519C414B4F91E
    2012-08-01 16:27 - 2012-08-01 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E98BA10EB0E3F2
    2012-08-01 16:25 - 2012-08-01 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42506981F5494B6E
    2012-08-01 16:23 - 2012-08-01 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA855CD8F3B9469E
    2012-08-01 16:20 - 2012-08-01 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD1925FE6EF3598
    2012-08-01 16:18 - 2012-08-01 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A50A6317CBE52344
    2012-08-01 16:15 - 2012-08-01 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC86F47F95977A6B
    2012-08-01 16:12 - 2012-08-01 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0
    2012-08-01 16:09 - 2012-08-01 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCB301ED906D814B
    2012-08-01 16:06 - 2012-08-01 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A2379ADDBD9ACB
    2012-08-01 16:03 - 2012-08-01 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A5F496D65971FFF
    2012-08-01 15:58 - 2012-08-01 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B514B7AD16A63B
    2012-08-01 15:54 - 2012-08-01 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF0EC05AB416631C
    2012-08-01 15:46 - 2012-08-01 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.082EBDEC28EF8027
    2012-08-01 15:43 - 2012-08-01 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7539C71E6A14CDC3
    2012-08-01 15:40 - 2012-08-01 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90B2E54951ADEE0B
    2012-08-01 15:36 - 2012-08-01 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6442CB581DB35A
    2012-08-01 15:28 - 2012-08-01 15:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-01 15:28 - 2012-08-01 15:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-01 15:19 - 2012-08-01 15:19 - 12621696 ____A (Microsoft Corporation) C:\Users\MattK\Downloads\mseinstall.exe
    2012-07-16 04:33 - 2012-07-16 04:33 - 00001358 ____A C:\Users\MattK\Desktop\Norton Installation Files.lnk
    2012-07-16 04:33 - 2012-07-16 04:33 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2012-07-13 10:57 - 2012-07-13 10:57 - 00000000 ____D C:\Program Files (x86)\HDLand
    2012-07-13 10:54 - 2012-07-13 10:55 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0 (1).exe
    2012-07-09 13:03 - 2012-07-09 13:12 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0.exe
  6. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    ============ 3 Months Modified Files ========================
    2012-08-03 06:25 - 2012-08-03 06:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAEACAAFE787C68F
    2012-08-03 06:25 - 2012-08-03 06:25 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxflhouo.sys
    2012-08-03 06:24 - 2011-08-18 14:35 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-03 06:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-03 06:24 - 2009-07-13 20:51 - 00062592 ____A C:\Windows\setupact.log
    2012-08-03 06:22 - 2012-08-03 06:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E4F39965E21C7F6
    2012-08-03 06:20 - 2012-03-31 06:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-03 06:18 - 2012-08-03 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9111BA2FA11C53DA
    2012-08-03 06:12 - 2012-08-03 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E3988DAD57C33C2
    2012-08-03 05:54 - 2012-08-03 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83D86AA65D2882DA
    2012-08-02 04:05 - 2012-08-02 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFBF99538297A81
    2012-08-02 03:44 - 2012-08-02 03:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B03314A53CAC5343
    2012-08-02 03:41 - 2012-08-02 03:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB9502B747DD947F
    2012-08-02 03:38 - 2012-08-02 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.283098B65BFCCD7F
    2012-08-02 03:34 - 2012-08-02 03:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE19A90C14592CB
    2012-08-02 03:32 - 2012-08-02 03:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33EF03CA7700BD56
    2012-08-02 03:29 - 2012-08-02 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA9E80FB5FA9C79
    2012-08-02 03:27 - 2012-08-02 03:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A37297B7AFB3740
    2012-08-02 03:24 - 2012-08-02 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.321B547DF6B81C41
    2012-08-02 03:21 - 2012-08-02 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1F4A13FB07749
    2012-08-02 03:18 - 2012-08-02 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE732EBEDF684671
    2012-08-02 03:16 - 2012-08-02 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E2067CFB24A51B
    2012-08-02 03:13 - 2012-08-02 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC22F3B63249298
    2012-08-02 03:11 - 2012-08-02 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F59426F21092A259
    2012-08-02 03:11 - 2011-12-14 14:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000UA.job
    2012-08-02 03:11 - 2011-08-18 14:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-02 03:08 - 2012-08-02 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79C72E3A81AB659
    2012-08-02 03:05 - 2012-08-02 03:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D09342258975EEDF
    2012-08-02 03:02 - 2012-08-02 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8
    2012-08-02 02:59 - 2012-08-02 02:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB7481F667A2F54
    2012-08-02 02:56 - 2012-08-02 02:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.687214882F642C44
    2012-08-02 02:53 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-08-02 02:50 - 2012-08-02 02:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A389346A41C4B6B
    2012-08-02 02:47 - 2012-08-02 02:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E20DEE647728EEB
    2012-08-02 02:45 - 2012-08-02 02:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3AF53DD9B06B235
    2012-08-02 02:42 - 2012-08-02 02:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.528D5DA1D14332DE
    2012-08-02 02:39 - 2012-08-02 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DC33A5A0FBA1369
    2012-08-02 02:37 - 2012-08-02 02:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AEEB722910C84175
    2012-08-02 02:34 - 2012-08-02 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0C99CD8B6EB29C4
    2012-08-02 02:31 - 2012-08-02 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5960297848E68FC5
    2012-08-02 02:29 - 2012-08-02 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.39DE16FD8384686D
    2012-08-02 02:26 - 2012-08-02 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BAA367B6B64571F1
    2012-08-02 02:24 - 2012-08-02 02:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B27628944C12F703
    2012-08-02 02:18 - 2012-08-02 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29FC9E61EB1B7C6
    2012-08-02 02:15 - 2012-08-02 02:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1D4ED5D66D65413
    2012-08-02 02:13 - 2012-08-02 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24DE82605635B81B
    2012-08-02 02:10 - 2012-08-02 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E41E037F0AFCCD4A
    2012-08-02 02:08 - 2012-08-02 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.122A5E1E54AE5ED2
    2012-08-02 02:05 - 2012-08-02 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9742DC30B0311E00
    2012-08-02 02:03 - 2012-08-02 02:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7159B463D1C5FE20
    2012-08-02 02:00 - 2012-08-02 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A525FB6F6319F7EF
    2012-08-02 01:57 - 2012-08-02 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C3E4BA915F702E
    2012-08-02 01:54 - 2012-08-02 01:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64EF27F40D682F7
    2012-08-02 01:51 - 2012-08-02 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4985E93A8A5F674
    2012-08-02 01:49 - 2012-08-02 01:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA1735DDB584FAEB
    2012-08-02 01:40 - 2012-08-02 01:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59A2A60A6311803B
    2012-08-02 01:38 - 2012-08-02 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A4AC2A8C91DAD65
    2012-08-02 01:35 - 2012-08-02 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABD326F42F07624
    2012-08-02 01:32 - 2012-08-02 01:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.425385496B36D13E
    2012-08-02 01:29 - 2012-08-02 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14523C6E8170B64D
    2012-08-02 01:26 - 2012-08-02 01:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D011AA9C2F1DDA6D
    2012-08-02 01:23 - 2012-08-02 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE650F1C034B2962
    2012-08-02 01:21 - 2012-08-02 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F152D54FEA96A54
    2012-08-02 01:18 - 2012-08-02 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EEE1C5962E7C7D18
    2012-08-02 01:15 - 2012-08-02 01:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB12AAECC3C0573
    2012-08-02 01:13 - 2012-08-02 01:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.732D2908EB80F490
    2012-08-02 01:10 - 2012-08-02 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AD311E264369345
    2012-08-02 01:07 - 2012-08-02 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7603D803F7FF7E95
    2012-08-02 01:04 - 2012-08-02 01:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D0C0BD1DAEDC287
    2012-08-02 01:02 - 2012-08-02 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FAA53174069E117
    2012-08-02 00:56 - 2012-08-02 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAEA68937437AC0
    2012-08-02 00:43 - 2012-08-02 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.164D00AEC9A7F87D
    2012-08-02 00:40 - 2012-08-02 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07E46FBBB0F23A63
    2012-08-02 00:37 - 2012-08-02 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CFA7F46FE59DF4A
    2012-08-02 00:35 - 2012-08-02 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E6064420F94D8E
    2012-08-02 00:32 - 2012-08-02 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4557614E7FBCA38F
    2012-08-02 00:28 - 2012-08-02 00:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE447090B88B6140
    2012-08-02 00:26 - 2012-08-02 00:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9FC033005D9CEB7
    2012-08-02 00:23 - 2012-08-02 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C93B32663A461C
    2012-08-02 00:20 - 2012-08-02 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB51642D65A6AED
    2012-08-02 00:18 - 2012-08-02 00:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E0FC74C1EC0332
    2012-08-02 00:15 - 2012-08-02 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CFB6835567BB57F
    2012-08-02 00:12 - 2012-08-02 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661AAECD479867FC
    2012-08-02 00:09 - 2012-08-02 00:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CA104CB6B20223
    2012-08-02 00:06 - 2012-08-02 00:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DD94C9B17A66FAF
    2012-08-02 00:04 - 2012-08-02 00:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16686CF02F23027F
    2012-08-02 00:03 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-02 00:01 - 2012-08-02 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4167AE9B0C050290
    2012-08-01 23:59 - 2012-08-01 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B273584CB58979
    2012-08-01 23:55 - 2012-08-01 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614D4E9243E4F92E
    2012-08-01 23:52 - 2012-08-01 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3C8733D05F8DD51
    2012-08-01 23:49 - 2012-08-01 23:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D00D5357E4AF8B1E
    2012-08-01 23:46 - 2012-08-01 23:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59
    2012-08-01 23:44 - 2012-08-01 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F84FFDFFC6BCA91
    2012-08-01 23:41 - 2012-08-01 23:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.611F6DF78FECF8DF
    2012-08-01 23:36 - 2012-08-01 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96
    2012-08-01 23:33 - 2012-08-01 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85EA4C9C0FF97D4A
    2012-08-01 23:31 - 2012-08-01 23:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3363AA46023FF692
    2012-08-01 23:29 - 2012-08-01 23:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA9C0FF669B88EC4
    2012-08-01 23:26 - 2012-08-01 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D5FA15A6BD25007
    2012-08-01 23:22 - 2012-08-01 23:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCB91B31723180D6
    2012-08-01 23:19 - 2012-08-01 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40C90D8BD647F6F
    2012-08-01 23:17 - 2012-08-01 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C420B175B33DAD4
    2012-08-01 23:15 - 2012-08-01 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADD49242DC72885E
    2012-08-01 23:12 - 2012-08-01 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF6AA2BDD1925292
    2012-08-01 23:10 - 2012-08-01 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3840E6DC9293A846
    2012-08-01 23:07 - 2012-08-01 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5913E98792C7A9D
    2012-08-01 22:59 - 2012-08-01 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C506211357A9A94
    2012-08-01 22:57 - 2012-08-01 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53A31E5E79F082D9
    2012-08-01 22:54 - 2012-08-01 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAF388D99072CD8B
    2012-08-01 22:52 - 2012-08-01 22:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A71DFCCD88E0C172
    2012-08-01 22:49 - 2012-08-01 22:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B1E9CC6DF25639
    2012-08-01 22:47 - 2012-08-01 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.105C604F2EF4E085
    2012-08-01 22:44 - 2012-08-01 22:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51A47559531877FB
    2012-08-01 22:39 - 2012-08-01 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E667505CDC044B4E
    2012-08-01 22:37 - 2012-08-01 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C6A432EE076E48
    2012-08-01 22:34 - 2012-08-01 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE186F5347687056
    2012-08-01 22:31 - 2012-08-01 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E1AF63FAE598301
    2012-08-01 22:28 - 2012-08-01 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10950AD09488E3C9
    2012-08-01 22:26 - 2012-08-01 22:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.727CD3E397711FBD
    2012-08-01 22:23 - 2012-08-01 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD64AE2A600D9E96
    2012-08-01 22:21 - 2012-08-01 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C30F20A5DC977B
    2012-08-01 22:16 - 2012-08-01 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.679BFC1BB9030927
    2012-08-01 22:13 - 2012-08-01 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0014A19341F446C3
    2012-08-01 22:10 - 2012-08-01 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0AC70939866BFB9
    2012-08-01 22:07 - 2012-08-01 22:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F70ACD587B17A2D
    2012-08-01 22:04 - 2012-08-01 22:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2EA7C9FC2E7156E
    2012-08-01 22:01 - 2012-08-01 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DEF15AD666AD9FF
    2012-08-01 21:59 - 2012-08-01 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1918A9640383714C
    2012-08-01 21:56 - 2012-08-01 21:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5402D42734D03253
    2012-08-01 21:54 - 2012-08-01 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B014E7746B69BB5C
    2012-08-01 21:51 - 2012-08-01 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94929C660C1FD1D4
    2012-08-01 21:48 - 2012-08-01 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EF7704FA9D20E1B
    2012-08-01 21:45 - 2012-08-01 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F388D241C2191134
    2012-08-01 21:42 - 2012-08-01 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A04D9D20D033A5BB
    2012-08-01 21:39 - 2012-08-01 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9C3C0CD22146FAF
    2012-08-01 21:37 - 2012-08-01 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03FFBFFA76C511AA
    2012-08-01 21:34 - 2012-08-01 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.108C453C32538CE9
    2012-08-01 21:31 - 2012-08-01 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AB28B14A4258C2A
    2012-08-01 21:27 - 2012-08-01 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD82583D218B144C
    2012-08-01 21:25 - 2012-08-01 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47FF61110861FD93
    2012-08-01 21:22 - 2012-08-01 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2A4DCCD093442F2
    2012-08-01 21:20 - 2012-08-01 21:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1078064C81A54B58
    2012-08-01 21:17 - 2012-08-01 21:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79D07146B253AB00
    2012-08-01 21:12 - 2012-08-01 21:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A77C38DF3F8DF5B
    2012-08-01 21:10 - 2012-08-01 21:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.450418ED28DDD245
    2012-08-01 21:07 - 2012-08-01 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A013C9220DD8DFA
    2012-08-01 21:02 - 2012-08-01 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06EBF1CC5E0B75D4
    2012-08-01 20:59 - 2012-08-01 20:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF7F7AFB4DFA790C
    2012-08-01 20:56 - 2012-08-01 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE800A2ABA43F24C
    2012-08-01 20:53 - 2012-08-01 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11DA6FD0CE63C16E
    2012-08-01 20:50 - 2012-08-01 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DD48C1A7C050B6
    2012-08-01 20:48 - 2012-08-01 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C471C03152E1B3
    2012-08-01 20:46 - 2012-08-01 20:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3816B138406EF55
    2012-08-01 20:43 - 2012-08-01 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A66F14526025BAE
    2012-08-01 20:41 - 2012-08-01 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F20BF6937A603056
    2012-08-01 20:38 - 2012-08-01 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E91FCF0C3369A279
    2012-08-01 20:36 - 2012-08-01 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.806535E31760765E
    2012-08-01 20:33 - 2012-08-01 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F559AE5FDEDCB1
    2012-08-01 20:31 - 2012-08-01 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE25DCA304633506
    2012-08-01 20:27 - 2012-08-01 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C3635234BBE6D9F
    2012-08-01 20:25 - 2012-08-01 20:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B4A08F65E6BE9F
    2012-08-01 20:22 - 2012-08-01 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27B1D73589D1C2DA
    2012-08-01 20:20 - 2012-08-01 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FA2801141B53E39
    2012-08-01 20:17 - 2012-08-01 20:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E464B8FC0107FC3E
    2012-08-01 20:15 - 2012-08-01 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2E27867A9E999F1
    2012-08-01 20:12 - 2012-08-01 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1541ADBDA750577A
    2012-08-01 20:10 - 2012-08-01 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0328FC39D608ABF1
    2012-08-01 20:06 - 2012-08-01 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90F7EE4EB1D5E02F
    2012-08-01 20:04 - 2012-08-01 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EAAA88BFB5308D
    2012-08-01 20:01 - 2012-08-01 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14410C837950975D
    2012-08-01 19:58 - 2012-08-01 19:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF6CF736CA4EA728
    2012-08-01 19:56 - 2012-08-01 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91D5ACB29237EC45
    2012-08-01 19:53 - 2012-08-01 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80E41D62A2707FA
    2012-08-01 19:49 - 2012-08-01 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D24A5380615DC3E
    2012-08-01 19:47 - 2012-08-01 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE376ECF4C875275
    2012-08-01 19:44 - 2012-08-01 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E483E6825B6D8295
    2012-08-01 19:42 - 2012-08-01 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC3413C7D34B109
    2012-08-01 19:39 - 2012-08-01 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B3F557EC4182A8
    2012-08-01 19:34 - 2012-08-01 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71868BE536497452
    2012-08-01 19:31 - 2012-08-01 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F90B2F01D11BB6B
    2012-08-01 19:29 - 2012-08-01 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D8F2C9B40D0859B
    2012-08-01 19:25 - 2012-08-01 19:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5955C4F362257FE3
    2012-08-01 19:23 - 2012-08-01 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3C8A475B854FDB1
    2012-08-01 19:20 - 2012-08-01 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D412545A67F4083C
    2012-08-01 19:18 - 2012-08-01 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B050F9C9D882F6A4
    2012-08-01 19:15 - 2012-08-01 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.950F767B185E03B4
    2012-08-01 19:13 - 2012-08-01 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBD51F87895F6043
    2012-08-01 19:11 - 2012-08-01 19:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58B181379F5F7276
    2012-08-01 19:08 - 2012-08-01 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF063EE80E2F420F
    2012-08-01 19:06 - 2012-08-01 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65136D1FDCB47772
    2012-08-01 19:03 - 2012-08-01 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F88A215B0FA4F00
    2012-08-01 19:00 - 2012-08-01 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6713F9D40F3D00E7
    2012-08-01 18:57 - 2012-08-01 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9ABE2014D9CD438
    2012-08-01 18:54 - 2012-08-01 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA
    2012-08-01 18:51 - 2012-08-01 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E23300116868299
    2012-08-01 18:48 - 2012-08-01 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75969E90459225D8
    2012-08-01 18:43 - 2012-08-01 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02CBDDB49335DCA2
    2012-08-01 18:40 - 2012-08-01 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.74BE45840965E688
    2012-08-01 18:37 - 2012-08-01 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA961D6577E38D4D
    2012-08-01 18:35 - 2012-08-01 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC281F03A05862D4
    2012-08-01 18:33 - 2012-08-01 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79A32A2AC6FAFA63
    2012-08-01 18:27 - 2012-08-01 18:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50CB5C6F78322DAA
    2012-08-01 18:12 - 2012-08-01 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5127EF7252E7874
    2012-08-01 18:04 - 2012-08-01 18:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.21A3C9D408CD73DF
    2012-08-01 18:00 - 2012-08-01 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7018D534506B337
    2012-08-01 17:58 - 2012-08-01 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5BF3B8834CF1C5B
    2012-08-01 17:55 - 2012-08-01 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37D6430C6EAC5BB1
    2012-08-01 17:53 - 2012-08-01 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55
    2012-08-01 17:50 - 2012-08-01 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93C3436349025B86
    2012-08-01 17:46 - 2012-08-01 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E58B55EAB94D4B2C
    2012-08-01 17:40 - 2012-08-01 17:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.150AE20EB6783123
    2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD180896CE71B1A8
    2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5
    2012-08-01 17:32 - 2012-08-01 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A19E180FA658C5E
    2012-08-01 17:30 - 2012-08-01 17:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB2220710F868E1
    2012-08-01 17:27 - 2012-08-01 17:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B40C9070C1D5A1B8
    2012-08-01 17:24 - 2012-08-01 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5F52720A18AE7DF
    2012-08-01 17:21 - 2012-08-01 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.442F30237FA9B2A6
    2012-08-01 17:19 - 2012-08-01 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493D11F83FEC41B
    2012-08-01 17:17 - 2012-08-01 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.053E351A1D7ED66B
    2012-08-01 17:14 - 2012-08-01 17:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB147E03CD9A0CE5
    2012-08-01 17:12 - 2012-08-01 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D06977DCFB03A80
    2012-08-01 17:09 - 2012-08-01 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9295F5C6D3BFF747
    2012-08-01 17:06 - 2012-08-01 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.699976F3B025FF87
    2012-08-01 17:03 - 2012-08-01 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB1FF8864FCA4FB
    2012-08-01 17:01 - 2012-08-01 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A91062709B51957
    2012-08-01 16:58 - 2012-08-01 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E574C91D2D1B280
    2012-08-01 16:56 - 2012-08-01 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC68A6D4EA4DEA52
    2012-08-01 16:53 - 2012-08-01 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D294661BC47DB210
    2012-08-01 16:51 - 2012-08-01 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40702460CA71393
    2012-08-01 16:48 - 2012-08-01 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFCDBE48BBB7B76C
    2012-08-01 16:45 - 2012-08-01 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC
    2012-08-01 16:43 - 2012-08-01 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.710532FA6C59B690
    2012-08-01 16:40 - 2012-08-01 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2523BAC499D736D8
    2012-08-01 16:38 - 2012-08-01 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B4FDC7848D366C
    2012-08-01 16:36 - 2012-08-01 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E05B434EBC7028D
    2012-08-01 16:32 - 2012-08-01 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D575F5BF31BB199
    2012-08-01 16:30 - 2012-08-01 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FC519C414B4F91E
    2012-08-01 16:27 - 2012-08-01 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E98BA10EB0E3F2
    2012-08-01 16:25 - 2012-08-01 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42506981F5494B6E
    2012-08-01 16:23 - 2012-08-01 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA855CD8F3B9469E
    2012-08-01 16:20 - 2012-08-01 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD1925FE6EF3598
    2012-08-01 16:18 - 2012-08-01 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A50A6317CBE52344
    2012-08-01 16:15 - 2012-08-01 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC86F47F95977A6B
    2012-08-01 16:12 - 2012-08-01 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0
    2012-08-01 16:09 - 2012-08-01 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCB301ED906D814B
    2012-08-01 16:06 - 2012-08-01 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A2379ADDBD9ACB
    2012-08-01 16:03 - 2012-08-01 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A5F496D65971FFF
    2012-08-01 15:58 - 2012-08-01 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B514B7AD16A63B
    2012-08-01 15:54 - 2012-08-01 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF0EC05AB416631C
    2012-08-01 15:54 - 2009-07-13 21:13 - 00861442 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-01 15:46 - 2012-08-01 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.082EBDEC28EF8027
    2012-08-01 15:43 - 2012-08-01 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7539C71E6A14CDC3
    2012-08-01 15:40 - 2012-08-01 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90B2E54951ADEE0B
    2012-08-01 15:38 - 2011-08-11 14:23 - 00019176 ____A C:\Windows\PFRO.log
    2012-08-01 15:36 - 2012-08-01 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6442CB581DB35A
    2012-08-01 15:28 - 2011-08-12 07:35 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-01 15:28 - 2011-08-11 14:14 - 00875592 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-01 15:28 - 2011-08-11 10:19 - 01555915 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 15:19 - 2012-08-01 15:19 - 12621696 ____A (Microsoft Corporation) C:\Users\MattK\Downloads\mseinstall.exe
    2012-08-01 09:11 - 2011-12-14 14:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000Core.job
    2012-07-29 11:24 - 2012-03-31 06:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-29 11:24 - 2011-08-18 08:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-16 04:33 - 2012-07-16 04:33 - 00001358 ____A C:\Users\MattK\Desktop\Norton Installation Files.lnk
    2012-07-13 10:57 - 2012-01-01 16:06 - 00001036 ____A C:\Users\Public\Desktop\Zappiti.exe.lnk
    2012-07-13 10:55 - 2012-07-13 10:54 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0 (1).exe
    2012-07-11 15:08 - 2011-12-14 14:52 - 00002401 ____A C:\Users\MattK\Desktop\Google Chrome.lnk
    2012-07-09 13:12 - 2012-07-09 13:03 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0.exe
    2012-06-27 09:54 - 2012-01-08 01:00 - 00008744 ____A C:\Windows\System32\lvcoinst.log
    2012-06-27 08:58 - 2012-06-27 08:53 - 09465068 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.25.0.exe
    2012-06-21 07:36 - 2009-07-13 20:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-21 07:36 - 2009-07-13 20:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-19 14:12 - 2012-06-19 14:12 - 00002204 ____A C:\Users\MattK\Documents\iphone contacts.csv
    2012-06-15 07:37 - 2012-06-10 16:05 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-06-14 14:53 - 2012-06-14 14:53 - 00517329 ____A C:\Users\MattK\Winstons X-Ray for 1.2.4.zip
    2012-06-14 08:14 - 2012-06-14 08:14 - 00278561 ____A C:\Users\MattK\Downloads\Minecraft (1).exe
    2012-06-13 09:46 - 2012-06-13 09:46 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-13 00:36 - 2009-07-13 20:45 - 05033592 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-13 00:10 - 2011-08-11 10:45 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-10 16:09 - 2011-08-12 07:26 - 00109216 ____A C:\Users\MattK\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-02 14:19 - 2012-06-08 16:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-08 16:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-08 16:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-08 16:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-08 16:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-08 16:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-08 16:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-08 16:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-08 16:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 05:04 - 2012-06-02 05:04 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-31 07:02 - 2012-05-31 06:57 - 09447598 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.14.0 (1).exe
    2012-05-31 06:52 - 2012-05-31 06:41 - 09447598 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.14.0.exe
    2012-05-17 18:47 - 2012-06-13 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-13 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-13 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-13 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-13 00:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-13 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-13 00:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-13 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-13 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-13 00:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-13 00:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-13 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-13 00:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-13 00:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-13 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-13 00:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-13 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-13 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-13 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-13 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-13 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-13 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-13 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-13 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-13 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-13 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-13 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-13 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-12 14:04 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 10:22 - 2011-12-26 06:51 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
    2012-05-11 14:25 - 2012-05-11 14:25 - 00274640 ____A C:\Windows\Minidump\051112-21450-01.dmp
    2012-05-11 14:25 - 2011-08-19 08:04 - 408236282 ____A C:\Windows\MEMORY.DMP
    ZeroAccess:
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\@
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\L
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\n
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\U
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\U\00000001.@
    ZeroAccess:
    C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
    C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\@
    C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\L
    C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 16%
    Total physical RAM: 3455.43 MB
    Available physical RAM: 2878.31 MB
    Total Pagefile: 3453.58 MB
    Available Pagefile: 2880.79 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:148.95 GB) (Free:74.96 GB) NTFS
    3 Drive f: () (Removable) (Total:0.5 GB) (Free:0.05 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 507 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 148 GB 101 MB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy
    ==================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 148 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 507 MB 64 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 507 MB Healthy
    ==================================================================================
    ==========================================================
    Last Boot: 2012-06-17 21:29
    ======================= End Of Log ==========================
  7. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

  8. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

  9. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    You posted FRST log twice.

    I still need you to....

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
  10. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-04 10:00:08
    Running from D:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-08-02 02:53] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
  11. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Attached Files:

     
  12. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    SubSystems: [Windows] ==> ZeroAccess
    C:\Windows\System32\consrv.dll
    HKLM\...\Run: [] [x]
    HKLM-x32\...\Run: [] [x]
    2012-08-03 06:25 - 2012-08-03 06:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAEACAAFE787C68F
    2012-08-03 06:25 - 2012-08-03 06:25 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxflhouo.sys
    2012-08-03 06:22 - 2012-08-03 06:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E4F39965E21C7F6
    2012-08-03 06:18 - 2012-08-03 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9111BA2FA11C53DA
    2012-08-03 06:12 - 2012-08-03 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E3988DAD57C33C2
    2012-08-03 05:54 - 2012-08-03 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83D86AA65D2882DA
    2012-08-02 04:05 - 2012-08-02 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFBF99538297A81
    2012-08-02 03:44 - 2012-08-02 03:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B03314A53CAC5343
    2012-08-02 03:41 - 2012-08-02 03:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB9502B747DD947F
    2012-08-02 03:38 - 2012-08-02 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.283098B65BFCCD7F
    2012-08-02 03:34 - 2012-08-02 03:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE19A90C14592CB
    2012-08-02 03:32 - 2012-08-02 03:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33EF03CA7700BD56
    2012-08-02 03:29 - 2012-08-02 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA9E80FB5FA9C79
    2012-08-02 03:27 - 2012-08-02 03:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A37297B7AFB3740
    2012-08-02 03:24 - 2012-08-02 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.321B547DF6B81C41
    2012-08-02 03:21 - 2012-08-02 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1F4A13FB07749
    2012-08-02 03:18 - 2012-08-02 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE732EBEDF684671
    2012-08-02 03:16 - 2012-08-02 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E2067CFB24A51B
    2012-08-02 03:13 - 2012-08-02 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC22F3B63249298
    2012-08-02 03:11 - 2012-08-02 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F59426F21092A259
    2012-08-02 03:08 - 2012-08-02 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79C72E3A81AB659
    2012-08-02 03:05 - 2012-08-02 03:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D09342258975EEDF
    2012-08-02 03:02 - 2012-08-02 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8
    2012-08-02 02:59 - 2012-08-02 02:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB7481F667A2F54
    2012-08-02 02:56 - 2012-08-02 02:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.687214882F642C44
    2012-08-02 02:50 - 2012-08-02 02:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A389346A41C4B6B
    2012-08-02 02:47 - 2012-08-02 02:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E20DEE647728EEB
    2012-08-02 02:45 - 2012-08-02 02:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3AF53DD9B06B235
    2012-08-02 02:42 - 2012-08-02 02:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.528D5DA1D14332DE
    2012-08-02 02:39 - 2012-08-02 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DC33A5A0FBA1369
    2012-08-02 02:37 - 2012-08-02 02:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AEEB722910C84175
    2012-08-02 02:34 - 2012-08-02 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0C99CD8B6EB29C4
    2012-08-02 02:31 - 2012-08-02 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5960297848E68FC5
    2012-08-02 02:29 - 2012-08-02 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.39DE16FD8384686D
    2012-08-02 02:26 - 2012-08-02 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BAA367B6B64571F1
    2012-08-02 02:24 - 2012-08-02 02:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B27628944C12F703
    2012-08-02 02:18 - 2012-08-02 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29FC9E61EB1B7C6
    2012-08-02 02:15 - 2012-08-02 02:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1D4ED5D66D65413
    2012-08-02 02:13 - 2012-08-02 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24DE82605635B81B
    2012-08-02 02:10 - 2012-08-02 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E41E037F0AFCCD4A
    2012-08-02 02:08 - 2012-08-02 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.122A5E1E54AE5ED2
    2012-08-02 02:05 - 2012-08-02 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9742DC30B0311E00
    2012-08-02 02:03 - 2012-08-02 02:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7159B463D1C5FE20
    2012-08-02 02:00 - 2012-08-02 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A525FB6F6319F7EF
    2012-08-02 01:57 - 2012-08-02 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C3E4BA915F702E
    2012-08-02 01:54 - 2012-08-02 01:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64EF27F40D682F7
    2012-08-02 01:51 - 2012-08-02 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4985E93A8A5F674
    2012-08-02 01:49 - 2012-08-02 01:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA1735DDB584FAEB
    2012-08-02 01:40 - 2012-08-02 01:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59A2A60A6311803B
    2012-08-02 01:38 - 2012-08-02 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A4AC2A8C91DAD65
    2012-08-02 01:35 - 2012-08-02 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABD326F42F07624
    2012-08-02 01:32 - 2012-08-02 01:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.425385496B36D13E
    2012-08-02 01:29 - 2012-08-02 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14523C6E8170B64D
    2012-08-02 01:26 - 2012-08-02 01:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D011AA9C2F1DDA6D
    2012-08-02 01:23 - 2012-08-02 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE650F1C034B2962
    2012-08-02 01:21 - 2012-08-02 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F152D54FEA96A54
    2012-08-02 01:18 - 2012-08-02 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EEE1C5962E7C7D18
    2012-08-02 01:15 - 2012-08-02 01:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB12AAECC3C0573
    2012-08-02 01:13 - 2012-08-02 01:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.732D2908EB80F490
    2012-08-02 01:10 - 2012-08-02 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AD311E264369345
    2012-08-02 01:07 - 2012-08-02 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7603D803F7FF7E95
    2012-08-02 01:04 - 2012-08-02 01:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D0C0BD1DAEDC287
    2012-08-02 01:02 - 2012-08-02 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FAA53174069E117
    2012-08-02 00:56 - 2012-08-02 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAEA68937437AC0
    2012-08-02 00:43 - 2012-08-02 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.164D00AEC9A7F87D
    2012-08-02 00:40 - 2012-08-02 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07E46FBBB0F23A63
    2012-08-02 00:37 - 2012-08-02 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CFA7F46FE59DF4A
    2012-08-02 00:35 - 2012-08-02 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E6064420F94D8E
    2012-08-02 00:32 - 2012-08-02 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4557614E7FBCA38F
    2012-08-02 00:28 - 2012-08-02 00:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE447090B88B6140
    2012-08-02 00:26 - 2012-08-02 00:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9FC033005D9CEB7
    2012-08-02 00:23 - 2012-08-02 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C93B32663A461C
    2012-08-02 00:20 - 2012-08-02 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB51642D65A6AED
    2012-08-02 00:18 - 2012-08-02 00:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E0FC74C1EC0332
    2012-08-02 00:15 - 2012-08-02 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CFB6835567BB57F
    2012-08-02 00:12 - 2012-08-02 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661AAECD479867FC
    2012-08-02 00:09 - 2012-08-02 00:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CA104CB6B20223
    2012-08-02 00:06 - 2012-08-02 00:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DD94C9B17A66FAF
    2012-08-02 00:04 - 2012-08-02 00:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16686CF02F23027F
    2012-08-02 00:01 - 2012-08-02 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4167AE9B0C050290
    2012-08-01 23:59 - 2012-08-01 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B273584CB58979
    2012-08-01 23:55 - 2012-08-01 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614D4E9243E4F92E
    2012-08-01 23:52 - 2012-08-01 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3C8733D05F8DD51
    2012-08-01 23:49 - 2012-08-01 23:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D00D5357E4AF8B1E
    2012-08-01 23:46 - 2012-08-01 23:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59
    2012-08-01 23:44 - 2012-08-01 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F84FFDFFC6BCA91
    2012-08-01 23:41 - 2012-08-01 23:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.611F6DF78FECF8DF
    2012-08-01 23:36 - 2012-08-01 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96
    2012-08-01 23:33 - 2012-08-01 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85EA4C9C0FF97D4A
    2012-08-01 23:31 - 2012-08-01 23:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3363AA46023FF692
    2012-08-01 23:29 - 2012-08-01 23:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA9C0FF669B88EC4
    2012-08-01 23:26 - 2012-08-01 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D5FA15A6BD25007
    2012-08-01 23:22 - 2012-08-01 23:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCB91B31723180D6
    2012-08-01 23:19 - 2012-08-01 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40C90D8BD647F6F
    2012-08-01 23:17 - 2012-08-01 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C420B175B33DAD4
    2012-08-01 23:15 - 2012-08-01 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADD49242DC72885E
    2012-08-01 23:12 - 2012-08-01 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF6AA2BDD1925292
    2012-08-01 23:10 - 2012-08-01 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3840E6DC9293A846
    2012-08-01 23:07 - 2012-08-01 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5913E98792C7A9D
    2012-08-01 22:59 - 2012-08-01 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C506211357A9A94
    2012-08-01 22:57 - 2012-08-01 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53A31E5E79F082D9
    2012-08-01 22:54 - 2012-08-01 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAF388D99072CD8B
    2012-08-01 22:52 - 2012-08-01 22:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A71DFCCD88E0C172
    2012-08-01 22:49 - 2012-08-01 22:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B1E9CC6DF25639
    2012-08-01 22:47 - 2012-08-01 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.105C604F2EF4E085
    2012-08-01 22:44 - 2012-08-01 22:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51A47559531877FB
    2012-08-01 22:39 - 2012-08-01 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E667505CDC044B4E
    2012-08-01 22:37 - 2012-08-01 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C6A432EE076E48
    2012-08-01 22:34 - 2012-08-01 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE186F5347687056
    2012-08-01 22:31 - 2012-08-01 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E1AF63FAE598301
    2012-08-01 22:28 - 2012-08-01 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10950AD09488E3C9
    2012-08-01 22:26 - 2012-08-01 22:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.727CD3E397711FBD
    2012-08-01 22:23 - 2012-08-01 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD64AE2A600D9E96
    2012-08-01 22:21 - 2012-08-01 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C30F20A5DC977B
    2012-08-01 22:16 - 2012-08-01 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.679BFC1BB9030927
    2012-08-01 22:13 - 2012-08-01 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0014A19341F446C3
    2012-08-01 22:10 - 2012-08-01 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0AC70939866BFB9
    2012-08-01 22:07 - 2012-08-01 22:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F70ACD587B17A2D
    2012-08-01 22:04 - 2012-08-01 22:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2EA7C9FC2E7156E
    2012-08-01 22:01 - 2012-08-01 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DEF15AD666AD9FF
    2012-08-01 21:59 - 2012-08-01 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1918A9640383714C
    2012-08-01 21:56 - 2012-08-01 21:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5402D42734D03253
    2012-08-01 21:54 - 2012-08-01 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B014E7746B69BB5C
    2012-08-01 21:51 - 2012-08-01 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94929C660C1FD1D4
    2012-08-01 21:48 - 2012-08-01 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EF7704FA9D20E1B
    2012-08-01 21:45 - 2012-08-01 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F388D241C2191134
    2012-08-01 21:42 - 2012-08-01 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A04D9D20D033A5BB
    2012-08-01 21:39 - 2012-08-01 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9C3C0CD22146FAF
    2012-08-01 21:37 - 2012-08-01 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03FFBFFA76C511AA
    2012-08-01 21:34 - 2012-08-01 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.108C453C32538CE9
    2012-08-01 21:31 - 2012-08-01 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AB28B14A4258C2A
    2012-08-01 21:27 - 2012-08-01 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD82583D218B144C
    2012-08-01 21:25 - 2012-08-01 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47FF61110861FD93
    2012-08-01 21:22 - 2012-08-01 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2A4DCCD093442F2
    2012-08-01 21:20 - 2012-08-01 21:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1078064C81A54B58
    2012-08-01 21:17 - 2012-08-01 21:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79D07146B253AB00
    2012-08-01 21:12 - 2012-08-01 21:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A77C38DF3F8DF5B
    2012-08-01 21:10 - 2012-08-01 21:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.450418ED28DDD245
    2012-08-01 21:07 - 2012-08-01 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A013C9220DD8DFA
    2012-08-01 21:02 - 2012-08-01 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06EBF1CC5E0B75D4
    2012-08-01 20:59 - 2012-08-01 20:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF7F7AFB4DFA790C
    2012-08-01 20:56 - 2012-08-01 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE800A2ABA43F24C
    2012-08-01 20:53 - 2012-08-01 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11DA6FD0CE63C16E
    2012-08-01 20:50 - 2012-08-01 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DD48C1A7C050B6
    2012-08-01 20:48 - 2012-08-01 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C471C03152E1B3
    2012-08-01 20:46 - 2012-08-01 20:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3816B138406EF55
    2012-08-01 20:43 - 2012-08-01 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A66F14526025BAE
    2012-08-01 20:41 - 2012-08-01 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F20BF6937A603056
    2012-08-01 20:38 - 2012-08-01 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E91FCF0C3369A279
    2012-08-01 20:36 - 2012-08-01 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.806535E31760765E
    2012-08-01 20:33 - 2012-08-01 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F559AE5FDEDCB1
    2012-08-01 20:31 - 2012-08-01 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE25DCA304633506
    2012-08-01 20:27 - 2012-08-01 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C3635234BBE6D9F
    2012-08-01 20:25 - 2012-08-01 20:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B4A08F65E6BE9F
    2012-08-01 20:22 - 2012-08-01 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27B1D73589D1C2DA
    2012-08-01 20:20 - 2012-08-01 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FA2801141B53E39
    2012-08-01 20:17 - 2012-08-01 20:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E464B8FC0107FC3E
    2012-08-01 20:15 - 2012-08-01 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2E27867A9E999F1
    2012-08-01 20:12 - 2012-08-01 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1541ADBDA750577A
    2012-08-01 20:10 - 2012-08-01 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0328FC39D608ABF1
    2012-08-01 20:06 - 2012-08-01 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90F7EE4EB1D5E02F
    2012-08-01 20:04 - 2012-08-01 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EAAA88BFB5308D
    2012-08-01 20:01 - 2012-08-01 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14410C837950975D
    2012-08-01 19:58 - 2012-08-01 19:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF6CF736CA4EA728
    2012-08-01 19:56 - 2012-08-01 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91D5ACB29237EC45
    2012-08-01 19:53 - 2012-08-01 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80E41D62A2707FA
    2012-08-01 19:49 - 2012-08-01 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D24A5380615DC3E
    2012-08-01 19:47 - 2012-08-01 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE376ECF4C875275
    2012-08-01 19:44 - 2012-08-01 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E483E6825B6D8295
    2012-08-01 19:42 - 2012-08-01 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC3413C7D34B109
    2012-08-01 19:39 - 2012-08-01 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B3F557EC4182A8
    2012-08-01 19:34 - 2012-08-01 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71868BE536497452
    2012-08-01 19:31 - 2012-08-01 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F90B2F01D11BB6B
    2012-08-01 19:29 - 2012-08-01 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D8F2C9B40D0859B
    2012-08-01 19:25 - 2012-08-01 19:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5955C4F362257FE3
    2012-08-01 19:23 - 2012-08-01 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3C8A475B854FDB1
    2012-08-01 19:20 - 2012-08-01 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D412545A67F4083C
    2012-08-01 19:18 - 2012-08-01 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B050F9C9D882F6A4
    2012-08-01 19:15 - 2012-08-01 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.950F767B185E03B4
    2012-08-01 19:13 - 2012-08-01 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBD51F87895F6043
    2012-08-01 19:11 - 2012-08-01 19:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58B181379F5F7276
    2012-08-01 19:08 - 2012-08-01 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF063EE80E2F420F
    2012-08-01 19:06 - 2012-08-01 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65136D1FDCB47772
    2012-08-01 19:03 - 2012-08-01 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F88A215B0FA4F00
    2012-08-01 19:00 - 2012-08-01 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6713F9D40F3D00E7
    2012-08-01 18:57 - 2012-08-01 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9ABE2014D9CD438
    2012-08-01 18:54 - 2012-08-01 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA
    2012-08-01 18:51 - 2012-08-01 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E23300116868299
    2012-08-01 18:48 - 2012-08-01 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75969E90459225D8
    2012-08-01 18:43 - 2012-08-01 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02CBDDB49335DCA2
    2012-08-01 18:40 - 2012-08-01 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.74BE45840965E688
    2012-08-01 18:37 - 2012-08-01 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA961D6577E38D4D
    2012-08-01 18:35 - 2012-08-01 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC281F03A05862D4
    2012-08-01 18:33 - 2012-08-01 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79A32A2AC6FAFA63
    2012-08-01 18:27 - 2012-08-01 18:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50CB5C6F78322DAA
    2012-08-01 18:12 - 2012-08-01 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5127EF7252E7874
    2012-08-01 18:04 - 2012-08-01 18:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.21A3C9D408CD73DF
    2012-08-01 18:00 - 2012-08-01 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7018D534506B337
    2012-08-01 17:58 - 2012-08-01 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5BF3B8834CF1C5B
    2012-08-01 17:55 - 2012-08-01 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37D6430C6EAC5BB1
    2012-08-01 17:53 - 2012-08-01 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55
    2012-08-01 17:50 - 2012-08-01 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93C3436349025B86
    2012-08-01 17:46 - 2012-08-01 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E58B55EAB94D4B2C
    2012-08-01 17:40 - 2012-08-01 17:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.150AE20EB6783123
    2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD180896CE71B1A8
    2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5
    2012-08-01 17:32 - 2012-08-01 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A19E180FA658C5E
    2012-08-01 17:30 - 2012-08-01 17:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB2220710F868E1
    2012-08-01 17:27 - 2012-08-01 17:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B40C9070C1D5A1B8
    2012-08-01 17:24 - 2012-08-01 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5F52720A18AE7DF
    2012-08-01 17:21 - 2012-08-01 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.442F30237FA9B2A6
    2012-08-01 17:19 - 2012-08-01 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493D11F83FEC41B
    2012-08-01 17:17 - 2012-08-01 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.053E351A1D7ED66B
    2012-08-01 17:14 - 2012-08-01 17:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB147E03CD9A0CE5
    2012-08-01 17:12 - 2012-08-01 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D06977DCFB03A80
    2012-08-01 17:09 - 2012-08-01 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9295F5C6D3BFF747
    2012-08-01 17:06 - 2012-08-01 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.699976F3B025FF87
    2012-08-01 17:03 - 2012-08-01 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB1FF8864FCA4FB
    2012-08-01 17:01 - 2012-08-01 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A91062709B51957
    2012-08-01 16:58 - 2012-08-01 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E574C91D2D1B280
    2012-08-01 16:56 - 2012-08-01 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC68A6D4EA4DEA52
    2012-08-01 16:53 - 2012-08-01 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D294661BC47DB210
    2012-08-01 16:51 - 2012-08-01 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40702460CA71393
    2012-08-01 16:48 - 2012-08-01 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFCDBE48BBB7B76C
    2012-08-01 16:45 - 2012-08-01 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC
    2012-08-01 16:43 - 2012-08-01 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.710532FA6C59B690
    2012-08-01 16:40 - 2012-08-01 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2523BAC499D736D8
    2012-08-01 16:38 - 2012-08-01 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B4FDC7848D366C
    2012-08-01 16:36 - 2012-08-01 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E05B434EBC7028D
    2012-08-01 16:32 - 2012-08-01 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D575F5BF31BB199
    2012-08-01 16:30 - 2012-08-01 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FC519C414B4F91E
    2012-08-01 16:27 - 2012-08-01 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E98BA10EB0E3F2
    2012-08-01 16:25 - 2012-08-01 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42506981F5494B6E
    2012-08-01 16:23 - 2012-08-01 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA855CD8F3B9469E
    2012-08-01 16:20 - 2012-08-01 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD1925FE6EF3598
    2012-08-01 16:18 - 2012-08-01 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A50A6317CBE52344
    2012-08-01 16:15 - 2012-08-01 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC86F47F95977A6B
    2012-08-01 16:12 - 2012-08-01 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0
    2012-08-01 16:09 - 2012-08-01 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCB301ED906D814B
    2012-08-01 16:06 - 2012-08-01 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A2379ADDBD9ACB
    2012-08-01 16:03 - 2012-08-01 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A5F496D65971FFF
    2012-08-01 15:58 - 2012-08-01 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B514B7AD16A63B
    2012-08-01 15:54 - 2012-08-01 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF0EC05AB416631C
    2012-08-01 15:46 - 2012-08-01 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.082EBDEC28EF8027
    2012-08-01 15:43 - 2012-08-01 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7539C71E6A14CDC3
    2012-08-01 15:40 - 2012-08-01 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90B2E54951ADEE0B
    2012-08-01 15:36 - 2012-08-01 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6442CB581DB35A
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
    C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
  13. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    ComboFix 12-08-04.02 - MattK 08/04/2012 14:30:10.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3455.2178 [GMT -5:00]
    Running from: c:\users\MattK\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{176E9F61-63DF-4D34-90E6-E3332633B2C5}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1908DC03-A80D-49BC-A49F-A75CBE1EA580}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3BF7FD25-BB84-4AB5-95B4-ECDF4015E34B}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{50832FCC-9DD0-4300-8AA5-3DDE71B0CE20}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5F07905C-6639-40A4-BE8C-C58AF9481DD2}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D10B957-D0C5-4E7C-9561-B2F12C0393F1}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82C87DDB-6635-4F9A-BA44-0CAF7A4442CE}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B23C3A48-A561-42A4-B83A-E9D9E41A6E42}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B7A5F551-A6F4-4E28-A835-4D2C79F9B696}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C3BE4FA7-6596-46EB-B06C-D218CB4005C9}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C7EF9CC1-91FF-477A-B81F-5796A5E51DE8}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBC8E54E-2D4D-4DA2-960B-DF412A348E4B}.xps
    c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE43CFE7-F5FB-4DA1-B0C7-BB685D2C4C63}.xps
    c:\windows\sqliteodbc2010.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-03 17:39 . 2012-08-03 17:39 -------- d-----w- C:\FRST
    2012-08-01 23:29 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BABE5B67-506C-466A-AB47-5E1AF051BE30}\gapaengine.dll
    2012-08-01 23:29 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F80888A-AA2B-40C9-8636-2F8877AA2061}\mpengine.dll
    2012-08-01 23:28 . 2012-08-01 23:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-01 23:28 . 2012-08-01 23:28 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-13 18:57 . 2012-07-13 18:57 -------- d-----w- c:\program files (x86)\HDLand
    2012-07-09 21:49 . 2012-07-09 21:49 -------- d-----w- c:\users\MattK\AppData\Local\Diagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-04 19:19 . 2012-03-31 14:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-04 19:19 . 2011-08-18 16:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-13 08:10 . 2011-08-11 18:45 58957832 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-09 00:31 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-09 00:31 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-09 00:31 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-09 00:31 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-09 00:31 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-09 00:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-09 00:31 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-09 00:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-09 00:30 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-18 02:47 . 2012-06-13 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-05-18 02:16 . 2012-06-13 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-05-18 02:06 . 2012-06-13 08:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-18 01:59 . 2012-06-13 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-05-18 01:59 . 2012-06-13 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-05-18 01:58 . 2012-06-13 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-18 01:58 . 2012-06-13 08:01 237056 ----a-w- c:\windows\system32\url.dll
    2012-05-18 01:56 . 2012-06-13 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-18 01:55 . 2012-06-13 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-18 01:55 . 2012-06-13 08:01 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-05-18 01:54 . 2012-06-13 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-05-18 01:51 . 2012-06-13 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-05-18 01:51 . 2012-06-13 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-18 01:47 . 2012-06-13 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-05-17 22:45 . 2012-06-13 08:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-05-17 22:35 . 2012-06-13 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-17 22:35 . 2012-06-13 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29 . 2012-06-13 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24 . 2012-06-13 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-05-15 01:32 . 2012-06-12 22:04 3146752 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-18 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417904]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
    R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-09-30 105672]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-11 1255736]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2010-11-20 65536]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2010-11-20 246272]
    S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2010-11-20 104960]
    S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCir64.sys [2007-04-25 37760]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:19]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 22:35]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 22:35]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000Core.job
    - c:\users\MattK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 07:51]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000UA.job
    - c:\users\MattK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 07:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 120320]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    TCP: DhcpNameServer = 10.0.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-04 15:02:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-04 20:02
    .
    Pre-Run: 80,513,949,696 bytes free
    Post-Run: 80,951,267,328 bytes free
    .
    - - End Of File - - 00B275B7BEA89C8FF005F6FE477D8406
  14. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    In your reply #12 you just posted my script instead of posting a log from FRST fix (Fixlog.txt).
    Please post required log.
  15. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Sorry.......

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-04 13:58:57 Run:1
    Running from D:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.CAEACAAFE787C68F moved successfully.
    C:\Windows\System32\Drivers\sxflhouo.sys moved successfully.
    C:\Windows\System32\services.exe.7E4F39965E21C7F6 moved successfully.
    C:\Windows\System32\services.exe.9111BA2FA11C53DA moved successfully.
    C:\Windows\System32\services.exe.7E3988DAD57C33C2 moved successfully.
    C:\Windows\System32\services.exe.83D86AA65D2882DA moved successfully.
    C:\Windows\System32\services.exe.7AFBF99538297A81 moved successfully.
    C:\Windows\System32\services.exe.B03314A53CAC5343 moved successfully.
    C:\Windows\System32\services.exe.FB9502B747DD947F moved successfully.
    C:\Windows\System32\services.exe.283098B65BFCCD7F moved successfully.
    C:\Windows\System32\services.exe.5DE19A90C14592CB moved successfully.
    C:\Windows\System32\services.exe.33EF03CA7700BD56 moved successfully.
    C:\Windows\System32\services.exe.9AA9E80FB5FA9C79 moved successfully.
    C:\Windows\System32\services.exe.3A37297B7AFB3740 moved successfully.
    C:\Windows\System32\services.exe.321B547DF6B81C41 moved successfully.
    C:\Windows\System32\services.exe.52D1F4A13FB07749 moved successfully.
    C:\Windows\System32\services.exe.CE732EBEDF684671 moved successfully.
    C:\Windows\System32\services.exe.A9E2067CFB24A51B moved successfully.
    C:\Windows\System32\services.exe.5BC22F3B63249298 moved successfully.
    C:\Windows\System32\services.exe.F59426F21092A259 moved successfully.
    C:\Windows\System32\services.exe.D79C72E3A81AB659 moved successfully.
    C:\Windows\System32\services.exe.D09342258975EEDF moved successfully.
    C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8 moved successfully.
    C:\Windows\System32\services.exe.5FB7481F667A2F54 moved successfully.
    C:\Windows\System32\services.exe.687214882F642C44 moved successfully.
    C:\Windows\System32\services.exe.0A389346A41C4B6B moved successfully.
    C:\Windows\System32\services.exe.8E20DEE647728EEB moved successfully.
    C:\Windows\System32\services.exe.E3AF53DD9B06B235 moved successfully.
    C:\Windows\System32\services.exe.528D5DA1D14332DE moved successfully.
    C:\Windows\System32\services.exe.9DC33A5A0FBA1369 moved successfully.
    C:\Windows\System32\services.exe.AEEB722910C84175 moved successfully.
    C:\Windows\System32\services.exe.B0C99CD8B6EB29C4 moved successfully.
    C:\Windows\System32\services.exe.5960297848E68FC5 moved successfully.
    C:\Windows\System32\services.exe.39DE16FD8384686D moved successfully.
    C:\Windows\System32\services.exe.BAA367B6B64571F1 moved successfully.
    C:\Windows\System32\services.exe.B27628944C12F703 moved successfully.
    C:\Windows\System32\services.exe.D29FC9E61EB1B7C6 moved successfully.
    C:\Windows\System32\services.exe.C1D4ED5D66D65413 moved successfully.
    C:\Windows\System32\services.exe.24DE82605635B81B moved successfully.
    C:\Windows\System32\services.exe.E41E037F0AFCCD4A moved successfully.
    C:\Windows\System32\services.exe.122A5E1E54AE5ED2 moved successfully.
    C:\Windows\System32\services.exe.9742DC30B0311E00 moved successfully.
    C:\Windows\System32\services.exe.7159B463D1C5FE20 moved successfully.
    C:\Windows\System32\services.exe.A525FB6F6319F7EF moved successfully.
    C:\Windows\System32\services.exe.96C3E4BA915F702E moved successfully.
    C:\Windows\System32\services.exe.D64EF27F40D682F7 moved successfully.
    C:\Windows\System32\services.exe.C4985E93A8A5F674 moved successfully.
    C:\Windows\System32\services.exe.DA1735DDB584FAEB moved successfully.
    C:\Windows\System32\services.exe.59A2A60A6311803B moved successfully.
    C:\Windows\System32\services.exe.9A4AC2A8C91DAD65 moved successfully.
    C:\Windows\System32\services.exe.BABD326F42F07624 moved successfully.
    C:\Windows\System32\services.exe.425385496B36D13E moved successfully.
    C:\Windows\System32\services.exe.14523C6E8170B64D moved successfully.
    C:\Windows\System32\services.exe.D011AA9C2F1DDA6D moved successfully.
    C:\Windows\System32\services.exe.EE650F1C034B2962 moved successfully.
    C:\Windows\System32\services.exe.9F152D54FEA96A54 moved successfully.
    C:\Windows\System32\services.exe.EEE1C5962E7C7D18 moved successfully.
    C:\Windows\System32\services.exe.2BB12AAECC3C0573 moved successfully.
    C:\Windows\System32\services.exe.732D2908EB80F490 moved successfully.
    C:\Windows\System32\services.exe.8AD311E264369345 moved successfully.
    C:\Windows\System32\services.exe.7603D803F7FF7E95 moved successfully.
    C:\Windows\System32\services.exe.3D0C0BD1DAEDC287 moved successfully.
    C:\Windows\System32\services.exe.7FAA53174069E117 moved successfully.
    C:\Windows\System32\services.exe.CAAEA68937437AC0 moved successfully.
    C:\Windows\System32\services.exe.164D00AEC9A7F87D moved successfully.
    C:\Windows\System32\services.exe.07E46FBBB0F23A63 moved successfully.
    C:\Windows\System32\services.exe.3CFA7F46FE59DF4A moved successfully.
    C:\Windows\System32\services.exe.34E6064420F94D8E moved successfully.
    C:\Windows\System32\services.exe.4557614E7FBCA38F moved successfully.
    C:\Windows\System32\services.exe.DE447090B88B6140 moved successfully.
    C:\Windows\System32\services.exe.E9FC033005D9CEB7 moved successfully.
    C:\Windows\System32\services.exe.78C93B32663A461C moved successfully.
    C:\Windows\System32\services.exe.5FB51642D65A6AED moved successfully.
    C:\Windows\System32\services.exe.16E0FC74C1EC0332 moved successfully.
    C:\Windows\System32\services.exe.8CFB6835567BB57F moved successfully.
    C:\Windows\System32\services.exe.661AAECD479867FC moved successfully.
    C:\Windows\System32\services.exe.92CA104CB6B20223 moved successfully.
    C:\Windows\System32\services.exe.4DD94C9B17A66FAF moved successfully.
    C:\Windows\System32\services.exe.16686CF02F23027F moved successfully.
    C:\Windows\System32\services.exe.4167AE9B0C050290 moved successfully.
    C:\Windows\System32\services.exe.03B273584CB58979 moved successfully.
    C:\Windows\System32\services.exe.614D4E9243E4F92E moved successfully.
    C:\Windows\System32\services.exe.D3C8733D05F8DD51 moved successfully.
    C:\Windows\System32\services.exe.D00D5357E4AF8B1E moved successfully.
    C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59 moved successfully.
    C:\Windows\System32\services.exe.3F84FFDFFC6BCA91 moved successfully.
    C:\Windows\System32\services.exe.611F6DF78FECF8DF moved successfully.
    C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96 moved successfully.
    C:\Windows\System32\services.exe.85EA4C9C0FF97D4A moved successfully.
    C:\Windows\System32\services.exe.3363AA46023FF692 moved successfully.
    C:\Windows\System32\services.exe.DA9C0FF669B88EC4 moved successfully.
    C:\Windows\System32\services.exe.1D5FA15A6BD25007 moved successfully.
    C:\Windows\System32\services.exe.CCB91B31723180D6 moved successfully.
    C:\Windows\System32\services.exe.C40C90D8BD647F6F moved successfully.
    C:\Windows\System32\services.exe.1C420B175B33DAD4 moved successfully.
    C:\Windows\System32\services.exe.ADD49242DC72885E moved successfully.
    C:\Windows\System32\services.exe.AF6AA2BDD1925292 moved successfully.
    C:\Windows\System32\services.exe.3840E6DC9293A846 moved successfully.
    C:\Windows\System32\services.exe.F5913E98792C7A9D moved successfully.
    C:\Windows\System32\services.exe.3C506211357A9A94 moved successfully.
    C:\Windows\System32\services.exe.53A31E5E79F082D9 moved successfully.
    C:\Windows\System32\services.exe.FAF388D99072CD8B moved successfully.
    C:\Windows\System32\services.exe.A71DFCCD88E0C172 moved successfully.
    C:\Windows\System32\services.exe.A5B1E9CC6DF25639 moved successfully.
    C:\Windows\System32\services.exe.105C604F2EF4E085 moved successfully.
    C:\Windows\System32\services.exe.51A47559531877FB moved successfully.
    C:\Windows\System32\services.exe.E667505CDC044B4E moved successfully.
    C:\Windows\System32\services.exe.20C6A432EE076E48 moved successfully.
    C:\Windows\System32\services.exe.DE186F5347687056 moved successfully.
    C:\Windows\System32\services.exe.3E1AF63FAE598301 moved successfully.
    C:\Windows\System32\services.exe.10950AD09488E3C9 moved successfully.
    C:\Windows\System32\services.exe.727CD3E397711FBD moved successfully.
    C:\Windows\System32\services.exe.FD64AE2A600D9E96 moved successfully.
    C:\Windows\System32\services.exe.61C30F20A5DC977B moved successfully.
    C:\Windows\System32\services.exe.679BFC1BB9030927 moved successfully.
    C:\Windows\System32\services.exe.0014A19341F446C3 moved successfully.
    C:\Windows\System32\services.exe.A0AC70939866BFB9 moved successfully.
    C:\Windows\System32\services.exe.4F70ACD587B17A2D moved successfully.
    C:\Windows\System32\services.exe.A2EA7C9FC2E7156E moved successfully.
    C:\Windows\System32\services.exe.4DEF15AD666AD9FF moved successfully.
    C:\Windows\System32\services.exe.1918A9640383714C moved successfully.
    C:\Windows\System32\services.exe.5402D42734D03253 moved successfully.
    C:\Windows\System32\services.exe.B014E7746B69BB5C moved successfully.
    C:\Windows\System32\services.exe.94929C660C1FD1D4 moved successfully.
    C:\Windows\System32\services.exe.9EF7704FA9D20E1B moved successfully.
    C:\Windows\System32\services.exe.F388D241C2191134 moved successfully.
    C:\Windows\System32\services.exe.A04D9D20D033A5BB moved successfully.
    C:\Windows\System32\services.exe.D9C3C0CD22146FAF moved successfully.
    C:\Windows\System32\services.exe.03FFBFFA76C511AA moved successfully.
    C:\Windows\System32\services.exe.108C453C32538CE9 moved successfully.
    C:\Windows\System32\services.exe.8AB28B14A4258C2A moved successfully.
    C:\Windows\System32\services.exe.AD82583D218B144C moved successfully.
    C:\Windows\System32\services.exe.47FF61110861FD93 moved successfully.
    C:\Windows\System32\services.exe.F2A4DCCD093442F2 moved successfully.
    C:\Windows\System32\services.exe.1078064C81A54B58 moved successfully.
    C:\Windows\System32\services.exe.79D07146B253AB00 moved successfully.
    C:\Windows\System32\services.exe.5A77C38DF3F8DF5B moved successfully.
    C:\Windows\System32\services.exe.450418ED28DDD245 moved successfully.
    C:\Windows\System32\services.exe.6A013C9220DD8DFA moved successfully.
    C:\Windows\System32\services.exe.06EBF1CC5E0B75D4 moved successfully.
    C:\Windows\System32\services.exe.DF7F7AFB4DFA790C moved successfully.
    C:\Windows\System32\services.exe.CE800A2ABA43F24C moved successfully.
    C:\Windows\System32\services.exe.11DA6FD0CE63C16E moved successfully.
    C:\Windows\System32\services.exe.26DD48C1A7C050B6 moved successfully.
    C:\Windows\System32\services.exe.28C471C03152E1B3 moved successfully.
    C:\Windows\System32\services.exe.E3816B138406EF55 moved successfully.
    C:\Windows\System32\services.exe.2A66F14526025BAE moved successfully.
    C:\Windows\System32\services.exe.F20BF6937A603056 moved successfully.
    C:\Windows\System32\services.exe.E91FCF0C3369A279 moved successfully.
    C:\Windows\System32\services.exe.806535E31760765E moved successfully.
    C:\Windows\System32\services.exe.49F559AE5FDEDCB1 moved successfully.
    C:\Windows\System32\services.exe.EE25DCA304633506 moved successfully.
    C:\Windows\System32\services.exe.8C3635234BBE6D9F moved successfully.
    C:\Windows\System32\services.exe.03B4A08F65E6BE9F moved successfully.
    C:\Windows\System32\services.exe.27B1D73589D1C2DA moved successfully.
    C:\Windows\System32\services.exe.2FA2801141B53E39 moved successfully.
    C:\Windows\System32\services.exe.E464B8FC0107FC3E moved successfully.
    C:\Windows\System32\services.exe.E2E27867A9E999F1 moved successfully.
    C:\Windows\System32\services.exe.1541ADBDA750577A moved successfully.
    C:\Windows\System32\services.exe.0328FC39D608ABF1 moved successfully.
    C:\Windows\System32\services.exe.90F7EE4EB1D5E02F moved successfully.
    C:\Windows\System32\services.exe.E4EAAA88BFB5308D moved successfully.
    C:\Windows\System32\services.exe.14410C837950975D moved successfully.
    C:\Windows\System32\services.exe.DF6CF736CA4EA728 moved successfully.
    C:\Windows\System32\services.exe.91D5ACB29237EC45 moved successfully.
    C:\Windows\System32\services.exe.B80E41D62A2707FA moved successfully.
    C:\Windows\System32\services.exe.8D24A5380615DC3E moved successfully.
    C:\Windows\System32\services.exe.CE376ECF4C875275 moved successfully.
    C:\Windows\System32\services.exe.E483E6825B6D8295 moved successfully.
    C:\Windows\System32\services.exe.5BC3413C7D34B109 moved successfully.
    C:\Windows\System32\services.exe.56B3F557EC4182A8 moved successfully.
    C:\Windows\System32\services.exe.71868BE536497452 moved successfully.
    C:\Windows\System32\services.exe.1F90B2F01D11BB6B moved successfully.
    C:\Windows\System32\services.exe.2D8F2C9B40D0859B moved successfully.
    C:\Windows\System32\services.exe.5955C4F362257FE3 moved successfully.
    C:\Windows\System32\services.exe.C3C8A475B854FDB1 moved successfully.
    C:\Windows\System32\services.exe.D412545A67F4083C moved successfully.
    C:\Windows\System32\services.exe.B050F9C9D882F6A4 moved successfully.
    C:\Windows\System32\services.exe.950F767B185E03B4 moved successfully.
    C:\Windows\System32\services.exe.FBD51F87895F6043 moved successfully.
    C:\Windows\System32\services.exe.58B181379F5F7276 moved successfully.
    C:\Windows\System32\services.exe.CF063EE80E2F420F moved successfully.
    C:\Windows\System32\services.exe.65136D1FDCB47772 moved successfully.
    C:\Windows\System32\services.exe.0F88A215B0FA4F00 moved successfully.
    C:\Windows\System32\services.exe.6713F9D40F3D00E7 moved successfully.
    C:\Windows\System32\services.exe.B9ABE2014D9CD438 moved successfully.
    C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA moved successfully.
    C:\Windows\System32\services.exe.9E23300116868299 moved successfully.
    C:\Windows\System32\services.exe.75969E90459225D8 moved successfully.
    C:\Windows\System32\services.exe.02CBDDB49335DCA2 moved successfully.
    C:\Windows\System32\services.exe.74BE45840965E688 moved successfully.
    C:\Windows\System32\services.exe.BA961D6577E38D4D moved successfully.
    C:\Windows\System32\services.exe.EC281F03A05862D4 moved successfully.
    C:\Windows\System32\services.exe.79A32A2AC6FAFA63 moved successfully.
    C:\Windows\System32\services.exe.50CB5C6F78322DAA moved successfully.
    C:\Windows\System32\services.exe.A5127EF7252E7874 moved successfully.
    C:\Windows\System32\services.exe.21A3C9D408CD73DF moved successfully.
    C:\Windows\System32\services.exe.B7018D534506B337 moved successfully.
    C:\Windows\System32\services.exe.C5BF3B8834CF1C5B moved successfully.
    C:\Windows\System32\services.exe.37D6430C6EAC5BB1 moved successfully.
    C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55 moved successfully.
    C:\Windows\System32\services.exe.93C3436349025B86 moved successfully.
    C:\Windows\System32\services.exe.E58B55EAB94D4B2C moved successfully.
    C:\Windows\System32\services.exe.150AE20EB6783123 moved successfully.
    C:\Windows\System32\services.exe.CD180896CE71B1A8 moved successfully.
    C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5 moved successfully.
    C:\Windows\System32\services.exe.3A19E180FA658C5E moved successfully.
    C:\Windows\System32\services.exe.5DB2220710F868E1 moved successfully.
    C:\Windows\System32\services.exe.B40C9070C1D5A1B8 moved successfully.
    C:\Windows\System32\services.exe.A5F52720A18AE7DF moved successfully.
    C:\Windows\System32\services.exe.442F30237FA9B2A6 moved successfully.
    C:\Windows\System32\services.exe.4493D11F83FEC41B moved successfully.
    C:\Windows\System32\services.exe.053E351A1D7ED66B moved successfully.
    C:\Windows\System32\services.exe.FB147E03CD9A0CE5 moved successfully.
    C:\Windows\System32\services.exe.0D06977DCFB03A80 moved successfully.
    C:\Windows\System32\services.exe.9295F5C6D3BFF747 moved successfully.
    C:\Windows\System32\services.exe.699976F3B025FF87 moved successfully.
    C:\Windows\System32\services.exe.2BB1FF8864FCA4FB moved successfully.
    C:\Windows\System32\services.exe.3A91062709B51957 moved successfully.
    C:\Windows\System32\services.exe.7E574C91D2D1B280 moved successfully.
    C:\Windows\System32\services.exe.AC68A6D4EA4DEA52 moved successfully.
    C:\Windows\System32\services.exe.D294661BC47DB210 moved successfully.
    C:\Windows\System32\services.exe.C40702460CA71393 moved successfully.
    C:\Windows\System32\services.exe.BFCDBE48BBB7B76C moved successfully.
    C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC moved successfully.
    C:\Windows\System32\services.exe.710532FA6C59B690 moved successfully.
    C:\Windows\System32\services.exe.2523BAC499D736D8 moved successfully.
    C:\Windows\System32\services.exe.20B4FDC7848D366C moved successfully.
    C:\Windows\System32\services.exe.4E05B434EBC7028D moved successfully.
    C:\Windows\System32\services.exe.5D575F5BF31BB199 moved successfully.
    C:\Windows\System32\services.exe.9FC519C414B4F91E moved successfully.
    C:\Windows\System32\services.exe.48E98BA10EB0E3F2 moved successfully.
    C:\Windows\System32\services.exe.42506981F5494B6E moved successfully.
    C:\Windows\System32\services.exe.AA855CD8F3B9469E moved successfully.
    C:\Windows\System32\services.exe.DBD1925FE6EF3598 moved successfully.
    C:\Windows\System32\services.exe.A50A6317CBE52344 moved successfully.
    C:\Windows\System32\services.exe.AC86F47F95977A6B moved successfully.
    C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0 moved successfully.
    C:\Windows\System32\services.exe.FCB301ED906D814B moved successfully.
    C:\Windows\System32\services.exe.24A2379ADDBD9ACB moved successfully.
    C:\Windows\System32\services.exe.9A5F496D65971FFF moved successfully.
    C:\Windows\System32\services.exe.A6B514B7AD16A63B moved successfully.
    C:\Windows\System32\services.exe.DF0EC05AB416631C moved successfully.
    C:\Windows\System32\services.exe.082EBDEC28EF8027 moved successfully.
    C:\Windows\System32\services.exe.7539C71E6A14CDC3 moved successfully.
    C:\Windows\System32\services.exe.90B2E54951ADEE0B moved successfully.
    C:\Windows\System32\services.exe.BA6442CB581DB35A moved successfully.
    C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0} moved successfully.
    C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
  16. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    All looks good :)

    Any current issues?

    ==============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.04.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MattK :: MATTK-PC [administrator]
    Protection: Enabled
    8/4/2012 10:28:53 PM
    mbam-log-2012-08-04 (22-28-53).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214868
    Time elapsed: 2 minute(s), 53 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  18. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    OTL logfile created on: 8/4/2012 10:35:53 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\MattK\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.37 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 37.11% Memory free
    6.75 Gb Paging File | 4.57 Gb Available in Paging File | 67.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 74.55 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

    Computer Name: MATTK-PC | User Name: MattK | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/04 22:32:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\MattK\Desktop\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/04 00:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/02/25 07:01:48 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/06/22 14:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\MattK\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
    PRC - [2011/06/22 14:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\MattK\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
    PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/11/20 08:24:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/12/01 20:45:18 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2007/02/06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2012/08/04 14:19:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 13:52:02 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/30 14:59:38 | 000,105,672 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
    SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/08/19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 04:27:12 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr)
    DRV:64bit: - [2010/11/20 04:26:56 | 000,246,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
    DRV:64bit: - [2009/12/03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
    DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
    DRV:64bit: - [2008/12/01 22:15:04 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/04/24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2007/09/15 02:51:06 | 000,310,832 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/04/25 13:34:12 | 000,037,760 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smscir64.sys -- (SMSCIRDA)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 66 0C B0 5A 58 CC 01 [binary data]
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS445
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MattK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MattK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/15 10:37:45 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Gmail = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/04 14:48:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3:64bit: - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NEP1-267/webex/ieatgpc1.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D88B283-9202-49F3-ACB3-6A928CF16444}: DhcpNameServer = 10.0.1.1
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/04 22:32:44 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\MattK\Desktop\OTL.exe
    [2012/08/04 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\MattK\AppData\Roaming\Malwarebytes
    [2012/08/04 22:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/04 22:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/04 22:27:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/04 22:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/04 22:25:27 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MattK\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/04 15:02:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/04 14:48:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/04 14:27:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/04 14:27:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/04 14:27:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/04 14:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/04 14:27:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/04 14:24:54 | 004,724,408 | R--- | C] (Swearware) -- C:\Users\MattK\Desktop\ComboFix.exe
    [2012/08/03 12:39:19 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/01 18:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/08/01 18:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/01 18:24:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/13 13:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zappiti
    [2012/07/13 13:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDLand
    [2012/07/09 16:49:32 | 000,000,000 | ---D | C] -- C:\Users\MattK\AppData\Local\Diagnostics

    ========== Files - Modified Within 30 Days ==========

    [2012/08/04 22:32:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\MattK\Desktop\OTL.exe
    [2012/08/04 22:27:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/04 22:25:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MattK\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/04 22:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/04 22:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000UA.job
    [2012/08/04 22:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/04 18:11:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/04 16:00:04 | 000,015,008 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/04 16:00:04 | 000,015,008 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/04 15:57:32 | 000,861,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/04 15:57:32 | 000,720,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/04 15:57:32 | 000,141,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/04 15:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/04 15:52:13 | 2717,458,432 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/04 14:48:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/04 14:24:54 | 004,724,408 | R--- | M] (Swearware) -- C:\Users\MattK\Desktop\ComboFix.exe
    [2012/08/04 14:07:40 | 000,002,453 | ---- | M] () -- C:\Users\MattK\Desktop\Google Chrome.lnk
    [2012/08/01 18:28:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/01 18:28:34 | 000,875,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/08/01 12:11:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000Core.job
    [2012/07/16 07:33:48 | 000,001,358 | ---- | M] () -- C:\Users\MattK\Desktop\Norton Installation Files.lnk
    [2012/07/13 13:57:14 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Zappiti.exe.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/04 22:27:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/04 14:27:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/04 14:27:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/04 14:27:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/04 14:27:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/04 14:27:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/01 18:28:39 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/16 07:33:47 | 000,001,358 | ---- | C] () -- C:\Users\MattK\Desktop\Norton Installation Files.lnk
    [2012/06/14 17:53:00 | 000,517,329 | ---- | C] () -- C:\Users\MattK\Winstons X-Ray for 1.2.4.zip
    [2011/10/07 19:45:55 | 000,000,000 | ---- | C] () -- C:\Users\MattK\AppData\Local\{0DCD54C4-9B81-4C11-9574-FB2D0789C456}
    [2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/08/11 17:14:36 | 000,875,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/08/11 14:07:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    ========== LOP Check ==========

    [2012/06/15 08:21:49 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\.minecraft
    [2012/01/04 15:12:22 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\calibre
    [2012/03/30 10:24:18 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\HandBrake
    [2012/01/12 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\Leadertech
    [2012/01/16 14:49:29 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\Obsidium
    [2012/06/10 19:10:10 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\PDAppFlex
    [2011/08/15 07:18:38 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\TightVNC
    [2012/04/19 11:20:49 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\webex
    [2012/08/02 03:03:23 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
  19. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    OTL Extras logfile created on: 8/4/2012 10:35:53 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\MattK\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.37 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 37.11% Memory free
    6.75 Gb Paging File | 4.57 Gb Available in Paging File | 67.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.95 Gb Total Space | 74.55 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

    Computer Name: MATTK-PC | User Name: MattK | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{43ED5430-0652-4216-8B5D-4F82E3AB416F}" = calibre
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{FC941376-E950-4B45-8AE0-266994D7887D}" = Zappiti
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "HandBrake" = HandBrake 0.9.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Scratch" = Scratch
    "SQLite2009 Pro Enterprise Manager_is1" = SQLite2009 Pro Enterprise Manager [2011.05.20]
    "StumbleUponIEToolbar" = StumbleUpon IE Toolbar
    "TightVNC" = TightVNC 2.0.4
    "VLC media player" = VLC media player 2.0.1

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/24/2012 10:02:13 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/24/2012 10:02:13 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 14181

    Error - 7/24/2012 10:02:13 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 14181

    Error - 7/24/2012 10:02:14 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/24/2012 10:02:14 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 15288

    Error - 7/24/2012 10:02:14 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15288

    Error - 7/29/2012 3:22:17 PM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/29/2012 3:22:17 PM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 451222315

    Error - 7/29/2012 3:22:17 PM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 451222315

    Error - 8/2/2012 7:44:54 AM | Computer Name = MattK-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.
    System
    Error: The RPC server is unavailable. .

    [ System Events ]
    Error - 5/8/2012 11:34:49 PM | Computer Name = MattK-PC | Source = cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 5/11/2012 6:25:56 PM | Computer Name = MattK-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:23:57 PM on ?5/?11/?2012 was unexpected.

    Error - 5/11/2012 6:25:58 PM | Computer Name = MATTK-PC | Source = BugCheck | ID = 1001
    Description =

    Error - 5/17/2012 9:11:33 AM | Computer Name = MattK-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:10:25 AM on ?5/?17/?2012 was unexpected.

    Error - 5/17/2012 10:12:11 AM | Computer Name = MattK-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:08:23 AM on ?5/?17/?2012 was unexpected.

    Error - 5/18/2012 11:31:25 AM | Computer Name = MattK-PC | Source = bowser | ID = 8003
    Description =

    Error - 6/13/2012 4:34:23 AM | Computer Name = MattK-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Time service terminated with the following error: %%1115

    Error - 6/13/2012 1:44:12 PM | Computer Name = MattK-PC | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 6/14/2012 1:22:59 PM | Computer Name = MattK-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR2.

    Error - 6/14/2012 1:23:01 PM | Computer Name = MattK-PC | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR2.


    < End of report >
  20. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  21. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 27
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  22. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    Farbar Service Scanner Version: 04-08-2012 01
    Ran by MattK (administrator) on 05-08-2012 at 03:51:44
    Running from "C:\Users\MattK\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
  23. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

  24. Mattk11

    Mattk11 Newcomer, in training Topic Starter Posts: 21

    C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
    C:\FRST\Quarantine\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\n Win64/Sirefef.W trojan
    C:\Users\MattK\Downloads\Andrea_Doria_Vs_The_Cult_Bucci_Bag_Vs_She_Sells_Sanctuary_-_Andrea_Doria_Vs_The_Cult.concert.wma.exe Win32/InstallCore application
  25. Broni

    Broni Malware Annihilator Posts: 46,413   +252

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================

    We have one corrupted registry key affecting Windows updates.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.