TechSpot

Yet another sirfef virus...just before vacation.

Solved
By Chicagoflyski
Jul 11, 2012
  1. Sadly, my machine got infected with the sirfef virus this morning, just before a 10-day trip to Europe. As a result, the laptop won't be making the trip with me but I'd like to get started on fixing the problem today and tomorrow so I can be closer to a working machine when I get back. So, if you don't hear from me for about 10 days, please forgive me and please keep the thread open as I want to jump on this first thing when I'm back on July 23. My FRST scan is posted below. Many thanks in advance for your help with this.

    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 11-07-2012 16:26:43
    Running from G:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-07-21] ()
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-12-22] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-12-22] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-12-22] (Intel Corporation)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1612880 2010-01-27] (Logitech, Inc.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
    HKLM\...\Run: [stlaml] rundll32.exe "C:\Users\Barry Bloom\AppData\Roaming\stlaml.dll",RicheditStreamOut [140800 2012-07-11] (DT Soft Ltd)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKU\Barry Bloom\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
    HKU\Barry Bloom\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Barry Bloom\...\Run: [Spotify Web Helper] "C:\Users\Barry Bloom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-25] ()
    HKU\Barry Bloom\...\Policies\system: [WallpaperStyle] 2
    HKU\Barry Bloom.V2\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
    HKU\Barry Bloom.V2\...\Run: [RCUI] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe" [x]
    HKU\Barry Bloom.V2\...\Run: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [x]
    HKU\Barry Bloom.V2\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background [4283256 2011-05-13] (Microsoft Corporation)
    HKU\Barry Bloom.V2\...\Policies\system: [WallpaperStyle] 2
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
    HKU\Default\...\Policies\system: [WallpaperStyle] 2
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
    HKU\Default User\...\Policies\system: [WallpaperStyle] 2
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 208.59.247.45 208.59.247.46
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
    ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
    ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Barry Bloom\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [993848 2011-04-18] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-04-18] (Secunia)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
    2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [210144 2011-05-20] ()

    ========================== Drivers (Whitelisted) =============

    3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-03-20] (Smith Micro Inc.)
    4 eabfiltr; [x]
    3 iscFlash; \??\C:\Users\BARRYB~1\AppData\Local\Temp\iscflashx64.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-11 12:10 - 2012-07-11 12:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB57A93AB8D2FBBC
    2012-07-11 12:05 - 2012-07-11 12:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.214887FE27D1CCB3
    2012-07-11 12:02 - 2012-07-11 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94C000235E939FB8
    2012-07-11 11:57 - 2012-07-11 11:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC2DE011F37F873D
    2012-07-11 11:51 - 2012-07-11 11:51 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Barry Bloom\Downloads\tdsskiller.exe
    2012-07-11 11:50 - 2012-07-11 11:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C5E9C520DFCA49D
    2012-07-11 11:41 - 2012-07-11 11:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D18CE78614CD9B3
    2012-07-11 11:38 - 2012-07-11 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28886E99021B4DDC
    2012-07-11 11:34 - 2012-07-11 11:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8169E773A8420F57
    2012-07-11 11:31 - 2012-07-11 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A9FED504373D24B
    2012-07-11 11:28 - 2012-07-11 11:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA7236CA51C5A522
    2012-07-11 11:24 - 2012-07-11 11:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E127CB94BBFE404E
    2012-07-11 11:19 - 2012-07-11 11:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18039F551D19EA94
    2012-07-11 11:16 - 2012-07-11 11:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3A68B00C0B32C69
    2012-07-11 11:10 - 2012-07-11 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BAE8885DCAEE29E
    2012-07-11 11:07 - 2012-07-11 11:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E50DB400F05CC49
    2012-07-11 11:04 - 2012-07-11 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E45AB5EF16A4F5B1
    2012-07-11 10:57 - 2012-07-11 10:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D321DB3A0AACA8F4
    2012-07-11 10:52 - 2012-07-11 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C053C16FB801F3AC
    2012-07-11 10:43 - 2012-07-11 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36C621B04502ECF3
    2012-07-11 10:35 - 2012-07-11 10:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4544198BB216FCDC
    2012-07-11 10:32 - 2012-07-11 10:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D644316F3FEEA7
    2012-07-11 10:29 - 2012-07-11 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45008E5B51034A7E
    2012-07-11 10:24 - 2012-07-11 10:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37AD25DECF0E1BA2
    2012-07-11 10:06 - 2012-07-11 10:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD87C1993475FFB8
    2012-07-11 09:46 - 2012-07-11 09:46 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-11 09:46 - 2012-07-11 09:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-11 09:38 - 2012-07-11 09:38 - 12621696 ____A (Microsoft Corporation) C:\Users\Barry Bloom\Downloads\mseinstall(1).exe
    2012-07-11 09:31 - 2012-07-11 09:31 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-11 09:29 - 2012-07-11 09:29 - 00372736 ____A C:\Users\Barry Bloom\AppData\Roaming\mdeat.dll
    2012-07-11 09:29 - 2012-07-11 09:29 - 00000000 ____D C:\Users\Barry Bloom\AppData\Local\{DDAF3A5A-CB7D-11E1-8270-B8AC6F996F26}
    2012-07-11 09:28 - 2012-07-11 09:36 - 00000000 ____D C:\Users\All Users\F4D55F3B03B4DE2D09A16979B4EB2331
    2012-07-11 09:28 - 2012-07-11 09:28 - 00055808 ___AH (FRISK Software International) C:\Windows\SysWOW64\cmmoance.dll
    2012-07-11 09:28 - 2012-07-11 09:27 - 00140800 __ASH (DT Soft Ltd) C:\Users\Barry Bloom\AppData\Roaming\stlaml.dll
    2012-07-11 02:50 - 2012-07-11 02:50 - 00000000 ____D C:\Users\Barry Bloom\AppData\Local\visi_coupon
    2012-07-11 00:44 - 2012-07-11 00:56 - 00000000 ____D C:\Users\Barry Bloom\AppData\Local\FileTypeAssistant
    2012-07-11 00:43 - 2012-07-11 09:08 - 00000284 ____A C:\Windows\Tasks\RGames Updater.job
    2012-07-11 00:43 - 2012-07-11 02:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2012-07-11 00:43 - 2012-07-11 00:43 - 00000000 ____D C:\Users\Barry Bloom\AppData\Local\RivalGaming
    2012-07-11 00:43 - 2012-07-11 00:43 - 00000000 ____D C:\Users\All Users\Yahoo!
    2012-07-11 00:43 - 2012-07-11 00:43 - 00000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
    2012-06-25 05:14 - 2012-07-11 11:03 - 00337920 __ASH C:\Users\Barry Bloom\Desktop\Thumbs.db
    2012-06-24 16:54 - 2012-06-24 16:54 - 00000000 ____D C:\Users\Barry Bloom\AppData\Local\Macromedia
    2012-06-21 17:57 - 2012-06-21 17:57 - 00000000 ____D C:\Users\Barry Bloom\Documents\CardMinder
    2012-06-21 13:51 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 13:51 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 13:51 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 13:51 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 13:50 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 13:50 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 13:50 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 13:50 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 13:50 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-16 07:16 - 2012-06-16 07:16 - 00000000 ____D C:\Windows\Hewlett-Packard
    2012-06-14 03:45 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 03:45 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 03:45 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 03:45 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 03:45 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 03:45 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 03:45 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 03:45 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 03:44 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 03:44 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 03:44 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 03:44 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 03:44 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 03:44 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 03:44 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 03:44 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 03:44 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 03:44 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 03:44 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 03:44 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 03:44 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 03:44 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 03:44 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 03:44 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 03:44 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 03:44 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 03:44 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 03:44 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-13 17:19 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 17:19 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 17:19 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 17:19 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 17:19 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 17:19 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 17:19 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 17:19 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 17:19 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 17:19 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 17:19 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 17:19 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 17:19 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 17:19 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 17:19 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 17:19 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-13 17:19 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 17:19 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


    ============ 3 Months Modified Files ========================

    2012-07-11 12:17 - 2009-07-13 21:13 - 00736408 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-11 12:15 - 2009-12-23 18:03 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-11 12:14 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-11 12:12 - 2011-10-19 17:18 - 00009618 ____A C:\Windows\setupact.log
    2012-07-11 12:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-11 12:10 - 2012-07-11 12:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB57A93AB8D2FBBC
    2012-07-11 12:05 - 2012-07-11 12:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.214887FE27D1CCB3
    2012-07-11 12:04 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-11 12:02 - 2012-07-11 12:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94C000235E939FB8
    2012-07-11 11:57 - 2012-07-11 11:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BC2DE011F37F873D
    2012-07-11 11:51 - 2012-07-11 11:51 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Barry Bloom\Downloads\tdsskiller.exe
    2012-07-11 11:50 - 2012-07-11 11:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C5E9C520DFCA49D
    2012-07-11 11:41 - 2012-07-11 11:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D18CE78614CD9B3
    2012-07-11 11:38 - 2012-07-11 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28886E99021B4DDC
    2012-07-11 11:34 - 2012-07-11 11:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8169E773A8420F57
    2012-07-11 11:31 - 2012-07-11 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A9FED504373D24B
    2012-07-11 11:28 - 2012-07-11 11:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA7236CA51C5A522
    2012-07-11 11:24 - 2012-07-11 11:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E127CB94BBFE404E
    2012-07-11 11:19 - 2012-07-11 11:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18039F551D19EA94
    2012-07-11 11:16 - 2012-07-11 11:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3A68B00C0B32C69
    2012-07-11 11:10 - 2012-07-11 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BAE8885DCAEE29E
    2012-07-11 11:07 - 2012-07-11 11:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E50DB400F05CC49
    2012-07-11 11:04 - 2012-07-11 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E45AB5EF16A4F5B1
    2012-07-11 11:03 - 2012-06-25 05:14 - 00337920 __ASH C:\Users\Barry Bloom\Desktop\Thumbs.db
    2012-07-11 10:57 - 2012-07-11 10:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D321DB3A0AACA8F4
    2012-07-11 10:52 - 2012-07-11 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C053C16FB801F3AC
    2012-07-11 10:48 - 2012-05-06 16:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 10:43 - 2012-07-11 10:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.36C621B04502ECF3
    2012-07-11 10:35 - 2012-07-11 10:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4544198BB216FCDC
    2012-07-11 10:32 - 2012-07-11 10:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29D644316F3FEEA7
    2012-07-11 10:29 - 2012-07-11 10:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45008E5B51034A7E
    2012-07-11 10:24 - 2012-07-11 10:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37AD25DECF0E1BA2
    2012-07-11 10:23 - 2009-07-13 20:45 - 00028704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 10:23 - 2009-07-13 20:45 - 00028704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 10:12 - 2009-12-23 18:03 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-11 10:06 - 2012-07-11 10:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD87C1993475FFB8
    2012-07-11 09:47 - 2012-01-12 16:21 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-11 09:47 - 2009-10-12 18:29 - 01160767 ____A C:\Windows\WindowsUpdate.log
    2012-07-11 09:46 - 2010-04-05 08:14 - 00750558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-11 09:41 - 2011-11-11 01:23 - 00024080 ____A C:\Windows\PFRO.log
    2012-07-11 09:41 - 2011-07-19 07:40 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForBarry Bloom.job
    2012-07-11 09:38 - 2012-07-11 09:38 - 12621696 ____A (Microsoft Corporation) C:\Users\Barry Bloom\Downloads\mseinstall(1).exe
    2012-07-11 09:29 - 2012-07-11 09:29 - 00372736 ____A C:\Users\Barry Bloom\AppData\Roaming\mdeat.dll
    2012-07-11 09:28 - 2012-07-11 09:28 - 00055808 ___AH (FRISK Software International) C:\Windows\SysWOW64\cmmoance.dll
    2012-07-11 09:27 - 2012-07-11 09:28 - 00140800 __ASH (DT Soft Ltd) C:\Users\Barry Bloom\AppData\Roaming\stlaml.dll
    2012-07-11 09:08 - 2012-07-11 00:43 - 00000284 ____A C:\Windows\Tasks\RGames Updater.job
    2012-07-07 07:59 - 2011-10-15 12:18 - 00001893 ____A C:\Users\Public\Desktop\Defraggler.lnk
    2012-07-07 07:59 - 2011-10-15 11:55 - 00000991 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-07 07:59 - 2010-11-20 07:12 - 00002129 ____A C:\Users\Barry Bloom\Desktop\SAS 9.2 (English).lnk
    2012-07-07 07:59 - 2010-01-03 17:24 - 00001097 ____A C:\Users\Barry Bloom\Desktop\PDF-Viewer.lnk
    2012-07-07 07:59 - 2009-12-23 18:11 - 00001019 ____A C:\Users\Barry Bloom\Desktop\Bullzip PDF Printer.lnk
    2012-06-29 11:55 - 2012-05-06 16:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-29 11:55 - 2011-05-18 03:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-23 20:08 - 2012-05-06 17:48 - 09815752 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-06-14 04:21 - 2009-07-13 20:45 - 00521592 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 03:54 - 2009-12-19 13:45 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-05 19:13 - 2010-04-04 10:08 - 00001040 ____A C:\Users\Barry Bloom\Desktop\Dropbox.lnk
    2012-06-02 14:19 - 2012-06-21 13:51 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 13:51 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 13:51 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 13:50 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 13:50 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 13:51 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 13:50 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 13:50 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 13:50 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-17 18:47 - 2012-06-14 03:44 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 03:44 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 03:44 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 03:45 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:59 - 2012-06-14 03:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:58 - 2012-06-14 03:45 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:58 - 2012-06-14 03:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:56 - 2012-06-14 03:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 03:44 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 03:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 03:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 03:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 03:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 03:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 03:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 03:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 03:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 03:45 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 03:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 03:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 03:45 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 03:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 03:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 03:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 03:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 03:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 03:45 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 03:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 17:32 - 2012-06-13 17:19 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-11 13:36 - 2011-10-31 08:00 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-05-11 13:36 - 2009-12-20 19:20 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-05-06 18:06 - 2010-05-24 08:01 - 00001007 ____A C:\Users\Barry Bloom.V2\Desktop\Bullzip PDF Printer.lnk
    2012-05-04 03:06 - 2012-06-13 17:19 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-13 17:19 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-13 17:19 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-13 17:19 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 18:15 - 2012-04-29 18:15 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-04-27 21:32 - 2012-06-13 17:19 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-27 19:55 - 2012-06-13 17:19 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 18:22 - 2012-04-27 18:22 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-04-27 18:22 - 2012-04-27 18:22 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-04-27 18:22 - 2012-04-27 18:22 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-04-27 18:22 - 2011-09-21 08:15 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-04-27 18:20 - 2012-04-27 18:19 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Barry Bloom\Downloads\jxpiinstall(1).exe
    2012-04-25 21:41 - 2012-06-13 17:19 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-13 17:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-13 17:19 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-13 17:19 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-13 17:19 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-13 17:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-13 17:19 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-13 17:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-13 17:19 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-16 10:23 - 2012-02-17 15:04 - 00002044 ____A C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
    2012-04-15 15:03 - 2012-04-15 15:03 - 00001840 ____A C:\Users\Barry Bloom\Desktop\Spotify.lnk
    2012-04-15 15:02 - 2012-04-15 15:02 - 00085272 ____A (Spotify Ltd) C:\Users\Barry Bloom\Downloads\SpotifySetup.exe


    ZeroAccess:
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\@
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\L
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\n
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\U
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\U\00000001.@
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\U\800000cb.@

    ZeroAccess:
    C:\Users\Barry Bloom\AppData\Local\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}
    C:\Users\Barry Bloom\AppData\Local\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\@
    C:\Users\Barry Bloom\AppData\Local\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\L
    C:\Users\Barry Bloom\AppData\Local\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 18%
    Total physical RAM: 3998.96 MB
    Available physical RAM: 3253.5 MB
    Total Pagefile: 3997.11 MB
    Available Pagefile: 3253.3 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:282.08 GB) (Free:39.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:15.82 GB) (Free:2.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:0.94 GB) (Free:0.89 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 966 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 282 GB 200 MB
    Partition 3 Primary 15 GB 282 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 282 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 15 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 965 MB 508 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G FAT Removable 965 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-11 05:06

    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  3. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Thanks so much. Nice to have a machine that stays on without autorebooting. Not to worry, though. I'm not doing anything on it until you give me the "all clean"...I'm just excited that we're making progress!!

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
    Ran by SYSTEM at 2012-07-11 20:42:26 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.DB57A93AB8D2FBBC moved successfully.
    C:\Windows\System32\services.exe.214887FE27D1CCB3 moved successfully.
    C:\Windows\System32\services.exe.94C000235E939FB8 moved successfully.
    C:\Windows\System32\services.exe.BC2DE011F37F873D moved successfully.
    C:\Windows\System32\services.exe.3C5E9C520DFCA49D moved successfully.
    C:\Windows\System32\services.exe.1D18CE78614CD9B3 moved successfully.
    C:\Windows\System32\services.exe.28886E99021B4DDC moved successfully.
    C:\Windows\System32\services.exe.8169E773A8420F57 moved successfully.
    C:\Windows\System32\services.exe.4A9FED504373D24B moved successfully.
    C:\Windows\System32\services.exe.CA7236CA51C5A522 moved successfully.
    C:\Windows\System32\services.exe.E127CB94BBFE404E moved successfully.
    C:\Windows\System32\services.exe.18039F551D19EA94 moved successfully.
    C:\Windows\System32\services.exe.E3A68B00C0B32C69 moved successfully.
    C:\Windows\System32\services.exe.2BAE8885DCAEE29E moved successfully.
    C:\Windows\System32\services.exe.0E50DB400F05CC49 moved successfully.
    C:\Windows\System32\services.exe.E45AB5EF16A4F5B1 moved successfully.
    C:\Windows\System32\services.exe.D321DB3A0AACA8F4 moved successfully.
    C:\Windows\System32\services.exe.C053C16FB801F3AC moved successfully.
    C:\Windows\System32\services.exe.36C621B04502ECF3 moved successfully.
    C:\Windows\System32\services.exe.4544198BB216FCDC moved successfully.
    C:\Windows\System32\services.exe.29D644316F3FEEA7 moved successfully.
    C:\Windows\System32\services.exe.45008E5B51034A7E moved successfully.
    C:\Windows\System32\services.exe.37AD25DECF0E1BA2 moved successfully.
    C:\Windows\System32\services.exe.AD87C1993475FFB8 moved successfully.
    C:\Windows\Installer\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b} moved successfully.
    C:\Users\Barry Bloom\AppData\Local\{ac191d7a-bcc7-9b88-29df-07ad7d2ba41b} moved successfully.

    ==== End of Fixlog ====
     
  4. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    ComboFix 12-07-11.03 - Barry Bloom 07/11/2012 20:53:43.1.2 - x64
    Running from: c:\users\Barry Bloom\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
    c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
    c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
    c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
    c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
    c:\program files (x86)\StartNow Toolbar\Resources\update.xml
    c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
    c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\program files (x86)\StartNow Toolbar\uninstall.dat
    c:\users\Barry Bloom.V2\AppData\Roaming\.#
    c:\users\Barry Bloom.V2\prf2867.tmp
    c:\users\Barry Bloom.V2\prfA17F.tmp
    c:\users\Barry Bloom\AppData\Local\RivalGaming\RiVAlgaming.dll
    c:\users\Barry Bloom\AppData\Roaming\.#
    c:\users\Barry Bloom\AppData\Roaming\dhigx.dll
    c:\users\Barry Bloom\AppData\Roaming\mdeat.dll
    c:\users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\searchplugins\bing-zugo.xml
    c:\users\Barry Bloom\AppData\Roaming\stlaml.dll
    c:\users\Barry Bloom\g2mdlhlpx.exe
    c:\users\Public\videos\HP MediaSmart Demo.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-12 00:26 . 2012-07-12 00:26 -------- d-----w- C:\FRST
    2012-07-11 17:46 . 2012-07-11 17:46 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-11 17:46 . 2012-07-11 17:46 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-11 17:31 . 2012-07-11 17:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-11 17:29 . 2012-07-11 17:29 -------- d-----w- c:\users\Barry Bloom\AppData\Local\{DDAF3A5A-CB7D-11E1-8270-B8AC6F996F26}
    2012-07-11 17:28 . 2012-07-11 17:28 55808 ---ha-w- c:\windows\SysWow64\cmmoance.dll
    2012-07-11 17:28 . 2012-07-11 17:36 -------- d-----w- c:\programdata\F4D55F3B03B4DE2D09A16979B4EB2331
    2012-07-11 10:50 . 2012-07-11 10:50 -------- d-----w- c:\users\Barry Bloom\AppData\Local\visi_coupon
    2012-07-11 08:44 . 2012-07-11 08:56 -------- d-----w- c:\users\Barry Bloom\AppData\Local\FileTypeAssistant
    2012-07-11 08:43 . 2012-07-11 10:53 -------- d-----w- c:\programdata\Yahoo!
    2012-07-11 08:43 . 2012-07-11 08:43 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
    2012-07-11 08:43 . 2012-07-12 01:03 -------- d-----w- c:\users\Barry Bloom\AppData\Local\RivalGaming
    2012-07-11 08:43 . 2012-07-11 10:53 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-06-25 00:54 . 2012-06-25 00:54 -------- d-----w- c:\users\Barry Bloom\AppData\Local\Macromedia
    2012-06-21 21:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 21:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 21:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 21:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 21:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 21:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 21:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 21:50 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 21:50 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-16 15:16 . 2012-06-16 15:16 -------- d-----w- c:\windows\Hewlett-Packard
    2012-06-14 11:45 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-14 11:45 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-14 11:45 . 2012-05-18 02:51 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-06-14 11:45 . 2012-05-17 23:21 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2012-06-14 11:45 . 2012-05-18 01:57 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2012-06-14 11:45 . 2012-05-17 22:31 194560 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
    2012-06-14 01:19 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 20:14 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
    2012-06-29 19:55 . 2012-05-07 00:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-29 19:55 . 2011-05-18 11:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-24 04:08 . 2012-05-07 01:48 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-06-18 07:12 . 2012-07-11 17:48 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8084BA4F-F417-4EF7-BE4C-F71F9CF5B1E5}\mpengine.dll
    2012-06-01 11:20 . 2012-06-01 11:20 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-04-28 02:22 . 2011-09-21 16:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "Spotify Web Helper"="c:\users\Barry Bloom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-25 932528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    .
    c:\users\Barry Bloom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-2-17 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-2-17 15360]
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 257224]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
    R3 iscFlash;iscFlash;c:\users\BARRYB~1\AppData\Local\Temp\iscflashx64.sys [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-23 140712]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
    R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [2009-07-20 7058432]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-21 43032]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-22 139264]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-06-20 7680512]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - IPNAT
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-06-16 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 19:55]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 02:03]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 02:03]
    .
    2012-07-11 c:\windows\Tasks\HPCeeScheduleForBarry Bloom.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    2012-07-12 c:\windows\Tasks\RGames Updater.job
    - c:\users\Barry Bloom\AppData\Local\RivalGaming\Updater.exe [2012-07-11 08:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Barry Bloom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-22 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-22 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-22 365592]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF28197.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    Trusted Zone: google.com
    Trusted Zone: google.com\local
    Trusted Zone: google.com\maps
    Trusted Zone: iastate.edu
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1 208.59.247.45 208.59.247.46
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.bu.edu/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} - hxxps://download.infotriever.com/bin/ifhelper.cab
    FF - ProfilePath - c:\users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    SafeBoot-Wdf01000.sys
    HKLM-Run-stlaml - c:\users\Barry Bloom\AppData\Roaming\stlaml.dll
    HKLM-Run-dhigx - c:\users\Barry Bloom\AppData\Roaming\dhigx.dll
    AddRemove-febb569a337f725f5f8607711f665d3b - c:\program files (x86)\Java\jre1.5.0_12\bin\javaw.exe
    AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-11 21:15:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 01:15
    .
    Pre-Run: 52,375,404,544 bytes free
    Post-Run: 52,235,464,704 bytes free
    .
    - - End Of File - - 0FD496AD72569FB08342F2EE4D550AAB
     
  5. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Looks good :)

    Any current issues?

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Nice!! Rebooting now and will let you know if any issues after I run OTL. Thanks so much!!

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.12.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Barry Bloom :: BARRYBLOOM-PC [administrator]

    7/11/2012 9:47:10 PM
    mbam-log-2012-07-11 (21-47-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238780
    Time elapsed: 7 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    I am getting two error messages below on reboot. They both come up in little boxes.

    RunDLL (in box frame)
    There was a problem starting C:\Users\BarryBloom\AppData\Roaming\dhigx.dll
    The specified module could not be found.

    RunDLL (in box frame)
    There was a problem starting C:\Users\BarryBloom\AppData\Roaming\stlaml.dll
    The specified module could not be found

    Both have "OK" buttons at the bottom and when I click OK the boxes go away. I have never experienced this before on this machine.

    Here's the OTL Log:

    OTL logfile created on: 7/11/2012 10:03:05 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Barry Bloom\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.83% Memory free
    7.81 Gb Paging File | 6.09 Gb Available in Paging File | 77.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 282.08 Gb Total Space | 48.58 Gb Free Space | 17.22% Space Free | Partition Type: NTFS
    Drive D: | 15.82 Gb Total Space | 2.59 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
    Drive H: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: BARRYBLOOM-PC | User Name: Barry Bloom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/11 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Barry Bloom\Desktop\OTL.exe
    PRC - [2012/06/24 22:17:52 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/06/24 19:42:58 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    PRC - [2012/05/25 15:07:47 | 000,932,528 | ---- | M] () -- C:\Users\Barry Bloom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Barry Bloom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/05/18 14:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/01/19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    PRC - [2009/09/30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    PRC - [2009/09/29 11:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/07/24 21:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    PRC - [2009/07/23 14:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/03/30 16:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/11 04:43:27 | 000,103,424 | ---- | M] () -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions\links@rivalgaming.com\components\xpcomponent.dll
    MOD - [2012/06/24 22:17:51 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/06/24 19:42:55 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    MOD - [2012/06/18 10:34:04 | 000,997,888 | ---- | M] () -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    MOD - [2012/05/25 15:07:47 | 000,932,528 | ---- | M] () -- C:\Users\Barry Bloom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/06/16 13:48:34 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/06/16 13:48:32 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/06/16 13:48:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2009/07/24 21:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
    MOD - [2009/07/24 21:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
    MOD - [2009/07/24 21:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
    MOD - [2009/07/23 14:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2008/11/12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/06/29 15:55:50 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/24 22:17:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/05/18 14:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/29 11:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
     
  8. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/05/18 14:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
    DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/06/20 12:46:55 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2010/03/23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/12/22 11:28:31 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/12/22 11:28:29 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/11/10 07:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/11/10 07:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/07/22 23:03:54 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2009/07/21 18:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/20 19:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
    DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/01/09 18:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/03/20 21:03:36 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {32FFA210-F5D7-4372-A473-53E7C3F68BE2}
    IE:64bit: - HKLM\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope = {32FFA210-F5D7-4372-A473-53E7C3F68BE2}
    IE - HKLM\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes,DefaultScope = {010A16F8-BB1B-46F6-85D5-8C50DE0D9953}
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{010A16F8-BB1B-46F6-85D5-8C50DE0D9953}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{32FFA210-F5D7-4372-A473-53E7C3F68BE2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{362748E6-961E-41FA-B443-81E5EFD75453}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://lf.startnow.com/s/?q={search...s_version=6.1-x64-SP1&iesrc={referrer:source}
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{83AF7913-4680-453A-8201-745EA10E7B7C}: "URL" = http://www.amazon.com/s?ie=UTF8&tag...aps&link_code=qs&field-keywords={searchTerms}
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{A7458B46-EEAB-49B2-9431-173477D42D05}: "URL" = http://www.hulu.com/search?query={searchTerms}&ref=os
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..\SearchScopes\{FCBE97D6-4ADD-4EF0-A3E5-09E40FF5CE1B}: "URL" = http://query.nytimes.com/gst/handler.html?query={searchTerms}&opensearch=1
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.80.0
    FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.4.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Barry Bloom\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/22 11:53:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/16 14:23:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 22:17:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/04 06:02:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/22 11:53:39 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Barry Bloom\AppData\Roaming\Move Networks [2010/04/08 14:31:31 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DDAF3A5A-CB7D-11E1-8270-B8AC6F996F26}: C:\Users\Barry Bloom\AppData\Local\{DDAF3A5A-CB7D-11E1-8270-B8AC6F996F26}\ [2012/07/11 13:29:10 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B3B053E1-CBB9-11E1-8270-B8AC6F996F26}: C:\Users\Barry Bloom\AppData\Local\{DDAF3A5A-CB7D-11E1-8270-B8AC6F996F26}\ [2012/07/11 13:29:10 | 000,000,000 | ---D | M]

    [2010/04/15 10:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Extensions
    [2012/07/11 04:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions
    [2012/06/29 23:06:42 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions\btpersonas@brandthunder.com
    [2012/07/11 04:43:22 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions\links@rivalgaming.com
    [2012/06/19 08:34:55 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions\support@lastpass.com
    [2012/05/19 17:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/07/01 21:00:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/04/28 19:48:32 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
    [2010/04/15 21:59:40 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
    [2012/04/16 14:23:19 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
    [2010/04/08 14:31:31 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\BARRY BLOOM\APPDATA\ROAMING\MOVE NETWORKS
    [2012/06/24 22:17:53 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/27 22:22:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/06/24 22:17:49 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/24 22:17:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/24 22:17:49 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/24 22:17:49 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/24 22:17:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/06/24 22:17:49 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/07/11 21:06:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O4:64bit: - HKLM..\Run: [dhigx] "C:\Windows\System32\rundll32.exe" "C:\Users\Barry Bloom\AppData\Roaming\dhigx.dll",SetSingleInstanceA File not found
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [stlaml] rundll32.exe "C:\Users\Barry Bloom\AppData\Roaming\stlaml.dll",RicheditStreamOut File not found
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001..\Run: [Spotify Web Helper] C:\Users\Barry Bloom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - Startup: C:\Users\Barry Bloom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Barry Bloom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Barry Bloom.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Barry Bloom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Barry Bloom.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
    O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: google.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: google.com ([local] * in Trusted sites)
    O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: google.com ([maps] * in Trusted sites)
    O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: iastate.edu ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: intuit.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.bu.edu/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {A8203263-E018-4106-BDBE-8BF6915E8190} https://download.infotriever.com/bin/ifhelper.cab (InforbitHelper Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.59.247.45 208.59.247.46
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E37F6B5-F28C-4F4E-8921-74B6C6FB7E09}: DhcpNameServer = 192.168.1.1 208.59.247.45 208.59.247.46
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3B826A-19B6-446C-B8DB-A00C9F83C938}: DhcpNameServer = 10.23.133.20 10.23.137.14 10.23.137.15 204.70.127.128 204.70.127.127
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/11 22:01:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Barry Bloom\Desktop\OTL.exe
    [2012/07/11 21:46:22 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Roaming\Malwarebytes
    [2012/07/11 21:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/11 21:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/11 21:46:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/11 21:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/11 21:15:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/11 21:06:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/11 20:50:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/11 20:50:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/11 20:50:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/11 20:50:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/11 20:49:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/11 20:47:09 | 004,576,462 | R--- | C] (Swearware) -- C:\Users\Barry Bloom\Desktop\ComboFix.exe
    [2012/07/11 20:26:31 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/11 13:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/11 13:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/11 13:31:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/11 13:29:10 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Local\{DDAF3A5A-CB7D-11E1-8270-B8AC6F996F26}
    [2012/07/11 13:28:42 | 000,055,808 | -H-- | C] (FRISK Software International) -- C:\Windows\SysWow64\cmmoance.dll
    [2012/07/11 13:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B03B4DE2D09A16979B4EB2331
    [2012/07/11 06:50:34 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Local\visi_coupon
    [2012/07/11 04:44:46 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Local\FileTypeAssistant
    [2012/07/11 04:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2012/07/11 04:43:15 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivalGaming
    [2012/07/11 04:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
    [2012/07/11 04:43:11 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Local\RivalGaming
    [2012/07/11 04:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2012/06/24 20:54:00 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\AppData\Local\Macromedia
    [2012/06/21 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\Barry Bloom\Documents\CardMinder
    [2012/06/16 11:16:35 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/11 22:12:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/11 22:08:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
    [2012/07/11 22:06:13 | 000,028,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/11 22:06:13 | 000,028,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/11 22:01:47 | 000,736,408 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/11 22:01:47 | 000,619,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/11 22:01:47 | 000,104,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/11 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Barry Bloom\Desktop\OTL.exe
    [2012/07/11 21:59:52 | 000,022,472 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\Capture 2.JPG
    [2012/07/11 21:59:16 | 000,018,563 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\Capture.JPG
    [2012/07/11 21:57:51 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/11 21:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/11 21:57:17 | 3144,908,800 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/11 21:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/11 21:46:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/11 21:06:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/11 20:47:22 | 004,576,462 | R--- | M] (Swearware) -- C:\Users\Barry Bloom\Desktop\ComboFix.exe
    [2012/07/11 13:47:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/11 13:46:41 | 000,750,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/11 13:41:20 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarry Bloom.job
    [2012/07/11 13:28:42 | 000,055,808 | -H-- | M] (FRISK Software International) -- C:\Windows\SysWow64\cmmoance.dll
    [2012/07/08 23:46:49 | 001,766,252 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\DSC_0045.JPG
    [2012/07/07 11:59:15 | 000,002,129 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\SAS 9.2 (English).lnk
    [2012/07/07 11:59:15 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/07/07 11:59:15 | 000,001,097 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\PDF-Viewer.lnk
    [2012/07/07 11:59:15 | 000,001,019 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\Bullzip PDF Printer.lnk
    [2012/07/07 11:59:15 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/22 14:21:25 | 001,292,202 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\BU Lodging-Technology 6.21.12.JPG
    [2012/06/21 10:32:38 | 000,429,909 | ---- | M] () -- C:\Users\Barry Bloom\Desktop\Bloom Ring Appraisal.pdf
    [2012/06/14 08:21:40 | 000,521,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/11 21:59:51 | 000,022,472 | ---- | C] () -- C:\Users\Barry Bloom\Desktop\Capture 2.JPG
    [2012/07/11 21:59:13 | 000,018,563 | ---- | C] () -- C:\Users\Barry Bloom\Desktop\Capture.JPG
    [2012/07/11 21:46:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/11 20:50:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/11 20:50:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/11 20:50:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/11 20:50:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/11 20:50:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/11 13:46:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/11 04:43:12 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RGames Updater.job
    [2012/07/07 11:59:07 | 001,766,252 | ---- | C] () -- C:\Users\Barry Bloom\Desktop\DSC_0045.JPG
    [2012/06/25 09:14:51 | 000,429,909 | ---- | C] () -- C:\Users\Barry Bloom\Desktop\Bloom Ring Appraisal.pdf
    [2012/06/22 14:21:25 | 001,292,202 | ---- | C] () -- C:\Users\Barry Bloom\Desktop\BU Lodging-Technology 6.21.12.JPG
    [2012/02/17 18:37:29 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
    [2012/01/31 09:40:40 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/08/29 21:21:08 | 000,220,892 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/07/25 12:11:34 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7040.DAT
    [2011/04/17 20:58:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/11/27 20:21:00 | 000,004,096 | -H-- | C] () -- C:\Users\Barry Bloom\AppData\Local\keyfile3.drm
    [2010/11/19 16:04:30 | 000,000,837 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/11/19 16:04:29 | 000,001,462 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/11/19 15:34:40 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\tcpdeam.dll
    [2010/11/19 15:34:40 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\tcpdencr.dll
    [2010/06/21 19:40:59 | 000,000,166 | ---- | C] () -- C:\Users\Barry Bloom\webct_upload_applet.properties

    ========== LOP Check ==========

    [2011/05/12 10:33:54 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\.anki
    [2010/07/06 12:44:10 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\.matplotlib
    [2009/12/20 23:46:14 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Amazon
    [2011/08/31 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\ASAP Utilities
    [2011/07/08 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Cisco
    [2012/07/11 21:59:05 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Dropbox
    [2009/12/23 23:02:08 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\eFax Messenger
    [2010/06/16 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\EndNote
    [2010/05/19 11:12:59 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\FileOpen
    [2012/02/17 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Fujitsu
    [2011/07/24 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\GARMIN
    [2011/06/16 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Inspector
    [2010/05/10 09:50:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Leadertech
    [2010/05/22 14:25:09 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\LibX
    [2010/06/05 15:33:12 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\MyPersonalIndex
    [2009/12/23 23:35:00 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\PDF Writer
    [2012/02/18 22:02:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\PFU
    [2011/05/13 22:02:14 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\SANYO
    [2011/02/03 18:20:04 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\SAS
    [2011/02/03 19:47:33 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\SAS Institute Inc
    [2010/06/20 13:02:19 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Scientific Software
    [2010/05/19 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Seagate
    [2012/06/10 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Spotify
    [2009/12/23 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Tracker Software
    [2010/05/12 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom\AppData\Roaming\Windows Live Writer
    [2010/07/06 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\.anki
    [2010/07/06 12:44:10 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\.matplotlib
    [2009/12/20 23:46:14 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Amazon
    [2010/07/02 10:13:36 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Cisco
    [2010/07/20 12:33:58 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Dropbox
    [2009/12/23 23:02:08 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\eFax Messenger
    [2010/06/16 17:49:45 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\EndNote
    [2010/05/19 11:12:59 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\FileOpen
    [2010/05/10 09:50:41 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Leadertech
    [2010/05/22 14:25:09 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\LibX
    [2010/06/05 15:33:12 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\MyPersonalIndex
    [2009/12/23 23:35:00 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\PDF Writer
    [2009/12/23 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Research In Motion
    [2010/06/20 13:02:19 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Scientific Software
    [2010/05/19 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Seagate
    [2009/12/23 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Tracker Software
    [2010/05/12 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\Barry Bloom.V2\AppData\Roaming\Windows Live Writer
    [2012/07/11 22:08:00 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\RGames Updater.job
    [2012/07/11 16:04:12 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:B801D4E2

    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Both errors should be gone after running following fix.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [dhigx] "C:\Windows\System32\rundll32.exe" "C:\Users\Barry Bloom\AppData\Roaming\dhigx.dll",SetSingleInstanceA File not found
      O4:64bit: - HKLM..\Run: [stlaml] rundll32.exe "C:\Users\Barry Bloom\AppData\Roaming\stlaml.dll",RicheditStreamOut File not found
      O4 - Startup: C:\Users\Barry Bloom.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
      O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
      O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
      O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
      O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: google.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: google.com ([local] * in Trusted sites)
      O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: google.com ([maps] * in Trusted sites)
      O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: iastate.edu ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: intuit.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1776865559-1656542232-3877568454-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
      O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
      @Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:B801D4E2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  10. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Forgot to post this one...will continue with the steps above in the meantime.

    OTL Extras logfile created on: 7/11/2012 10:03:05 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Barry Bloom\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.83% Memory free
    7.81 Gb Paging File | 6.09 Gb Available in Paging File | 77.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 282.08 Gb Total Space | 48.58 Gb Free Space | 17.22% Space Free | Partition Type: NTFS
    Drive D: | 15.82 Gb Total Space | 2.59 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
    Drive H: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: BARRYBLOOM-PC | User Name: Barry Bloom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{0997FDC0-C036-4A77-A874-1EDBCF67FBFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{74A399A6-1DDC-4F3E-8E02-F787879946AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
    "{42A7D971-15B3-441C-B0C9-DFB7591BAFDC}" = PDF-XChange Viewer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{601B8608-C901-428C-8125-53585CA54124}" = Microsoft Camera Codec Pack
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
    "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1080
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "SP6" = Logitech SetPoint 6.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1ABA2AF6-A2BB-486C-A7CB-FCF34C135D92}" = Cisco AnyConnect VPN Client
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "{30F9800A-02C1-4B3A-B6D5-BA62601E4DDD}" = VZAccess Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper
    "{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
    "{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
    "{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
    "{44A69352-33DD-405E-ADB8-2D768643BBAE}_is1" = AnyBizSoft PDF to Word (Build 3.0.0)
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45E5D641-3C82-4F95-92FB-AE5459DF2988}" = HP User Guides 0146
    "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite DCP-7040
    "{48D66137-C7A6-4890-8316-534CFF3688EA}" = Garmin City Navigator North America NT 2012.10 Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5B21E6C6-04C8-4131-8556-08CC6CCE1DE0}_is1" = MyPersonalIndex 3.0.0
    "{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
    "{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
    "{6346B2AE-0DBB-45A3-9ECA-D23CAC27AB7E}" = TurboTax 2011 wiliper
    "{6503D8CE-272E-492B-BA45-72044323341E}" = Xacti Simple Uploader
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6ADC1384-4E79-44D5-BB9A-F1DB4038C79E}" = TurboTax 2011 wmaiper
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{701A44AB-17FC-4100-BC2D-FB0CAF9EC220}" = SAS Universal Viewer 1.1
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75210106-92D4-45A9-B2B7-EC9E901DF334}_is1" = BackupOutlook
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8720C829-3BD5-4CC5-AD1F-AD54FB928DCB}" = TurboTax 2011 wcoiper
    "{872ADF4E-8F51-41B7-8553-ACD5771BCC90}_is1" = AnyBizSoft PDF to Word (Build 2.5.3)
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F281AD-18C7-4A49-A4F8-52FE2F2AD876}" = SAS OnlineDoc 9.2 for Windows
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1BC9F13-59FE-43E4-8498-DF5A721196C5}" = BlackBerry USB Drivers
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE3795EC-AE7F-474E-B5A7-D693AA068039}" = Stata 11
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
    "{B67B329A-8F51-466B-A2C1-E58FFE8F7C33}" = ATLAS.ti Demo
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BB586E51-4876-4BB2-91EC-5CB3D0C38145}" = CardMinder V4.1
    "{BD099F53-03B0-4663-900F-D87E3408C0DC}" = SAS Drivers for ODBC
    "{BF90863B-BF23-4293-89F0-19EF85E2B170}" = ScanSnap Organizer
    "{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC08084A-3CB3-44C5-8D9B-04E2E299612A}" = ScanSnap
    "{CC9F8196-49FC-4C78-A342-97604035DA7E}" = SAS Enterprise Guide 4.2
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DCCDDA68-581E-4A68-96B6-D61BBB195605}" = SAS 9.2
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FB410000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 4.1
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2
    "6ac75c7530cfebfc1fddd4df53dc3f56" = SAS Power and Sample Size 3.1
    "Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "Anki" = Anki
    "ASAP Utilities_is1" = ASAP Utilities
    "Audacity_is1" = Audacity 1.2.6
    "BookSmart® 2.5.1 2.5.1" = BookSmart® 2.5.1 2.5.1
    "cff19b08e7a5c9dc36cfff14acae4c3e" = SAS Package Reader 9.2
    "d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3
    "FastStone Photo Resizer" = FastStone Photo Resizer 3.0
    "febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "Homepage Protection" = Homepage Protection
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "MailStore Home_is1" = MailStore Home 4.2.0.5431
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
    "Savings Bond Wizard" = Savings Bond Wizard
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "StartNow Toolbar" = StartNow Toolbar
    "thinkorswim" = thinkorswim
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2011" = TurboTax 2011
    "TurboTax Business 2009" = TurboTax Business 2009
    "TurboTax Business 2010" = TurboTax Business 2010
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.1
    "Dropbox" = Dropbox
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "LastPass" = LastPass (uninstall only)
    "Move Media Player" = Move Media Player
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/11/2012 4:00:41 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:42 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:42 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:44 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:44 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:44 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:45 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:00:47 PM | Computer Name = BarryBloom-PC | Source = WinMgmt | ID = 4
    Description =

    Error - 7/11/2012 4:02:21 PM | Computer Name = BarryBloom-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/11/2012 4:16:12 PM | Computer Name = BarryBloom-PC | Source = Intuit Update Service | ID = 0
    Description = Service cannot be started. The service process could not connect to
    the service controller

    [ Cisco AnyConnect VPN Client Events ]
    Error - 7/11/2012 8:40:27 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
    Line:
    529 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: The
    specified service does not exist as an installed service.

    Error - 7/11/2012 8:40:27 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
    2047 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
    (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

    Error - 7/11/2012 8:40:27 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: CHostConfigMgr::CHostConfigMgr File: .\HostConfigMgr.cpp Line:
    114 Invoked Function: CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description:
    FILTERCOMMONIMPL_ERROR_UNEXPECTED

    Error - 7/11/2012 8:40:27 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
    _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

    File:
    C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
    No such file or directory

    Error - 7/11/2012 8:43:22 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
    Line:
    529 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: The
    specified service does not exist as an installed service.

    Error - 7/11/2012 8:43:22 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
    2047 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
    (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED

    Error - 7/11/2012 8:43:22 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: CHostConfigMgr::CHostConfigMgr File: .\HostConfigMgr.cpp Line:
    114 Invoked Function: CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description:
    FILTERCOMMONIMPL_ERROR_UNEXPECTED

    Error - 7/11/2012 8:43:22 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
    _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

    File:
    C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
    No such file or directory

    Error - 7/11/2012 9:06:04 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
    _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

    File:
    C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
    No such file or directory

    Error - 7/11/2012 9:57:36 PM | Computer Name = BarryBloom-PC | Source = vpnagent | ID = 67108866
    Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
    _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

    File:
    C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
    No such file or directory

    [ Hewlett-Packard Events ]
    Error - 6/29/2012 4:00:50 PM | Computer Name = BarryBloom-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3998 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    Error - 7/5/2012 8:54:13 AM | Computer Name = BarryBloom-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/6/2012 3:15:20 PM | Computer Name = BarryBloom-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3998 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

    Error - 7/11/2012 4:34:24 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 7/11/2012 4:34:24 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087HPSFMsgr.exe at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 7/11/2012 8:39:07 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 7/11/2012 8:39:07 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087HPSFMsgr.exe at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 7/11/2012 8:47:38 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 7/11/2012 8:47:41 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087HPSFMsgr.exe at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 7/11/2012 10:02:04 PM | Computer Name = BarryBloom-PC | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Invalid class StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3998 Ram
    Utilization: 40 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    [ System Events ]
    Error - 7/11/2012 9:03:40 PM | Computer Name = BarryBloom-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/11/2012 9:04:44 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/11/2012 9:04:59 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.

    Error - 7/11/2012 9:05:00 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/11/2012 9:06:16 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/11/2012 9:06:28 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    luafv

    Error - 7/11/2012 9:08:32 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7000
    Description = The HP Support Assistant Service service failed to start due to the
    following error: %%31

    Error - 7/11/2012 9:35:12 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 7/11/2012 9:57:54 PM | Computer Name = BarryBloom-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    luafv

    Error - 7/11/2012 9:58:27 PM | Computer Name = BarryBloom-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  11. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dhigx deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\stlaml deleted successfully.
    C:\Users\Barry Bloom.V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk moved successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found.
    Registry key HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\local\ not found.
    Registry key HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\maps\ not found.
    Registry key HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iastate.edu\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1776865559-1656542232-3877568454-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Starting removal of ActiveX control Web-Based Email Tools
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
    ADS C:\ProgramData\Temp:B801D4E2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Barry Bloom
    ->Temp folder emptied: 3109 bytes
    ->Temporary Internet Files folder emptied: 17704065 bytes
    ->Java cache emptied: 28363551 bytes
    ->FireFox cache emptied: 63200378 bytes
    ->Flash cache emptied: 5217246 bytes

    User: Barry Bloom.V2
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 5436804 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 528178 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 133696 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 27663759 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 141.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Barry Bloom
    ->Java cache emptied: 0 bytes

    User: Barry Bloom.V2

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Barry Bloom
    ->Flash cache emptied: 492 bytes

    User: Barry Bloom.V2
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07112012_223338

    Files\Folders moved on Reboot...
    C:\Users\Barry Bloom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Barry Bloom\AppData\Local\Temp\VGXCCC.tmp moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Barry Bloom\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Barry Bloom\AppData\Local\Temp\VGXCCC.tmp not found!

    Registry entries deleted on Reboot...
     
     
  12. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Secunia PSI (2.0.0.3003)
    SAS/SECURE Java 9.2
    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-GB..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  13. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner Version: 08-07-2012
    Ran by Barry Bloom (administrator) on 11-07-2012 at 22:44:03
    Running from "C:\Users\Barry Bloom\Desktop"
    Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  14. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Still working, but wanted to let you know that I got the following message when I tried to run OTL and TFC (I believe...might have been other programs).

    Cisco AnyConnect VPN Client (in box around window)
    The VPN client agent was unable to create the interprocess communication depot.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    That's fine as long as both programs worked.
     
  16. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Wow...that was quite a long proceess with ESET. The computer rebooted sometime overnight so I had to restart it again this morning. Log below:

    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Barry Bloom\AppData\Local\RivalGaming\RiVAlgaming.dll.vir a variant of Win32/Adware.Gamevance.CG application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Users\Barry Bloom\AppData\Roaming\mdeat.dll.vir a variant of Win32/Medfos.AJ trojan cleaned by deleting - quarantined
    C:\Users\Barry Bloom\AppData\Local\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.CJ application cleaned by deleting - quarantined
    C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application cleaned by deleting - quarantined
    C:\Users\Barry Bloom\AppData\Roaming\Mozilla\Firefox\Profiles\xfmapg4q.default\extensions\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application cleaned by deleting (after the next restart) - quarantined
    C:\Windows\System32\cmmoance.dll Win32/PSW.Papras.CE trojan cleaned by deleting - quarantined
     
  17. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================

    We have one registry key corrupted affecting Windows updates.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on bits.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.
     
  18. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Continued thanks!! Hopefully we can have this all done in the next two hours BEFORE I leave for my trip. Broni, you are amazing!

    Farbar Service Scanner Version: 08-07-2012
    Ran by Barry Bloom (administrator) on 12-07-2012 at 12:08:40
    Running from "C:\Users\Barry Bloom\Desktop"
    Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  19. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Broni, thanks again for your help and expertise. I'm heading out for my trip but am NOT taking the laptop with me. I'll be back on July 24 and hopefully we can ensure that it's completely clean then. All the best. Barry
     
  20. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Good news on your return....

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Thanks again, Broni. Back and back in action.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Barry Bloom
    ->Temp folder emptied: 525 bytes
    ->Temporary Internet Files folder emptied: 262098 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 7690297 bytes
    ->Flash cache emptied: 492 bytes

    User: Barry Bloom.V2
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5152196 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 183661 bytes

    Total Files Cleaned = 13.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Barry Bloom
    ->Flash cache emptied: 0 bytes

    User: Barry Bloom.V2
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Barry Bloom
    ->Java cache emptied: 0 bytes

    User: Barry Bloom.V2

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    System Restore Service not available.

    OTL by OldTimer - Version 3.2.54.0 log created on 07232012_155726

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Barry Bloom\AppData\Local\Temp\etilqs_iqlyjLGcZhHhaiH not found!
    File\Folder C:\Users\Barry Bloom\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File\Folder C:\Users\Barry Bloom\AppData\Local\Temp\VGX2A3A.tmp not found!
    C:\Windows\temp\MpCmdRun.log moved successfully.
    File\Folder C:\Windows\temp\TMP0000005BAD10B56628D7A622 not found!

    PendingFileRenameOperations files...
    File C:\Users\Barry Bloom\AppData\Local\Temp\etilqs_iqlyjLGcZhHhaiH not found!
    File C:\Users\Barry Bloom\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Barry Bloom\AppData\Local\Temp\VGX2A3A.tmp not found!
    File C:\Windows\temp\MpCmdRun.log not found!
    File C:\Windows\temp\TMP0000005BAD10B56628D7A622 not found!

    Registry entries deleted on Reboot...
     
  22. Broni

    Broni Malware Annihilator Posts: 47,022   +255

     
  23. Chicagoflyski

    Chicagoflyski TS Rookie Topic Starter Posts: 16

    Thanks again for your amazing help, Broni. All seems to be working well.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.