TechSpot

ZeroAccess Trojan

Solved
By verity25
Jul 1, 2012
  1. Hello,

    I seem to be infected with the above trojan; I have tried to remove it with McAfee but it says it can't remove it. Any help please.

    Verity25
  2. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    What Windows version is it?
  3. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Windows 7 HP
  4. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  5. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the log file in 2 parts

    Part 1

    Scan result of Farbar Recovery Scan Tool Version: 01-07-2012
    Ran by SYSTEM at 02-07-2012 18:01:35
    Running from J:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [4042568 2010-09-30] (O&O Software GmbH)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
    HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe" [1874432 2009-11-24] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-05-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [x]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [x]
    HKU\Alan\...\Run: [NextSTART] C:\Program Files (x86)\Winstep\nextstart.exe autostart [7789184 2012-03-28] (Winstep Software Technologies)
    HKU\Alan\...\Run: [Workshelf] C:\Program Files (x86)\Winstep\workshelf.exe autostart [19256448 2012-03-28] (Winstep Software Technologies)
    HKU\Alan\...\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" [4480456 2012-05-31] (Binary Fortress Software)
    HKU\Alan\...\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [487424 2011-05-03] (Gadwin Systems, Inc)
    HKU\Alan\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-06-16] (Siber Systems)
    HKU\Alan\...\Run: [Ipsos Panel Plus] C:\Users\Alan\AppData\Local\Ipsos Panel Plus\service\IpsosPanelPlusService.exe [122960 2012-06-14] (Ipsos)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    AppInit_DLLs: C:\Users\Alan\AppData\Roaming\Avanquest\PowerDesk\FileMonitor64.dll
    Tcpip\..\Interfaces\{7656D45F-1F58-478B-8574-9DE899BF6757}: [NameServer]192.168.1.1
    Startup: C:\Users\Alan\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

    ==================== Services (Whitelisted) ======

    2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
    2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
    2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe /service [4660664 2012-01-07] ()
    2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-06] (Logitech Inc.)
    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-10-24] (Nalpeiron Ltd.)
    2 OODefragAgent; "C:\Program Files\OO Software\Defrag\oodag.exe" [3140424 2010-09-30] (O&O Software GmbH)
    3 RoxMediaDB11; "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe" [1128944 2009-05-19] (Sonic Solutions)
    2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [5876008 2010-01-07] (Wacom Technology, Corp.)
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe" [2028864 2011-12-08] (TuneUp Software)
    2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127784 2009-11-23] (Wacom Technology, Corp.)
    2 IpsosLSPService; C:\Program Files (x86)\IpsosLSPService\IpsosLSPService.exe [x]
    2 nuragoLSPService; C:\Program Files (x86)\nuragoLSPService\nuragoLSPService.exe [x]

    ========================== Drivers (Whitelisted) =============

    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()
    1 AsUpIO; C:\Windows\SysWow64\Drivers\AsUpIO.sys [13368 2009-07-05] ()
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
    3 chdrvr01; C:\Windows\System32\Drivers\chdrvr01.sys [251224 2011-05-20] (CH Products)
    3 chdrvr02; C:\Windows\System32\Drivers\chdrvr02.sys [13016 2011-05-20] (CH Products)
    3 chdrvr03; C:\Windows\System32\Drivers\chdrvr03.sys [17496 2011-05-20] (CH Products)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
    1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
    3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-10-07] (TuneUp Software)
    3 mfeavfk01; [x]
    3 wacomvhid; C:\Windows\System32\DRIVERS\wacomvhid.sys [x]
    2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-02 18:01 - 2012-07-02 18:01 - 00000000 ____D C:\FRST
    2012-07-01 08:49 - 2012-07-01 10:01 - 00000000 ____D C:\Users\All Users\Esellerate
    2012-07-01 08:22 - 2012-07-01 08:23 - 00000000 ____D C:\Users\Alan\AppData\Roaming\GetRightToGo
    2012-07-01 08:19 - 2012-07-01 08:19 - 00367272 ____A (RegNow.com) C:\Users\Alan\Downloads\Download_9.0.0.912sdasetup-regnow_201_Trial.exe
    2012-07-01 07:40 - 2011-02-28 03:09 - 03021244 ____A C:\Users\Alan\Downloads\AS_ALCATRAZ_FSX_100.zip
    2012-07-01 00:50 - 2012-05-15 00:00 - 03314590 ____A C:\Users\Alan\Downloads\FSC92Update.zip
    2012-06-30 11:14 - 2010-03-28 02:58 - 00093696 ____A C:\Windows\SysWOW64\sevCmd3.oca
    2012-06-30 11:14 - 2009-11-29 04:15 - 00000282 ____A C:\Windows\SysWOW64\sevXPCtl.dep
    2012-06-30 11:14 - 2009-11-29 04:14 - 00000282 ____A C:\Windows\SysWOW64\sevEin20.dep
    2012-06-30 11:14 - 2009-11-29 04:13 - 00000552 ____A C:\Windows\SysWOW64\sevClb20.dep
    2012-06-30 11:14 - 2009-11-29 04:13 - 00000549 ____A C:\Windows\SysWOW64\sevCmd3.dep
    2012-06-30 11:14 - 2009-11-29 04:11 - 00294400 ____A (Tools & Components) C:\Windows\SysWOW64\sevEin20.ocx
    2012-06-30 11:14 - 2009-11-28 07:17 - 00233472 ____A (Tools & Components) C:\Windows\SysWOW64\sevXPCtl.ocx
    2012-06-30 11:14 - 2009-11-28 07:16 - 00141824 ____A (Tools & Components) C:\Windows\SysWOW64\sevCmd3.ocx
    2012-06-30 11:14 - 2009-11-28 07:14 - 00115712 ____A (Tools & Components) C:\Windows\SysWOW64\sevClb20.ocx
    2012-06-30 11:14 - 2006-05-31 07:35 - 00190464 ____A (Tools & Components) C:\Windows\SysWOW64\sevImLib.dll
    2012-06-30 11:14 - 2002-07-26 06:02 - 00026000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CTL3D.dll
    2012-06-30 11:14 - 1998-07-05 16:00 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\STDFTDE.DLL
    2012-06-30 11:14 - 1998-07-05 13:00 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMDE.DLL
    2012-06-30 11:14 - 1998-06-24 08:57 - 00057880 ____A (Outrider Systems, Inc.) C:\Windows\SysWOW64\SPIN32.OCX
    2012-06-30 09:10 - 2012-06-30 09:10 - 00000000 ____D C:\Users\Alan\Documents\WoS3
    2012-06-30 09:10 - 2012-06-30 09:10 - 00000000 ____D C:\Users\Alan\AppData\Local\WoS3
    2012-06-29 07:29 - 2012-06-29 07:29 - 00000000 ____D C:\Aerosoft
    2012-06-29 03:36 - 2012-07-02 07:41 - 3477190656 ____A C:\Users\Alan\Downloads\Railworks3.iso
    2012-06-29 03:26 - 2012-06-29 03:53 - 00000000 ____D C:\Users\Alan\Downloads\World Of Subways Vol.3 London Underground [MULTI2][PCDVD][RELOADED][WwW.GamesTorrents.CoM]
    2012-06-29 01:56 - 2012-06-29 01:56 - 00000000 ____D C:\Users\Public\Documents\Adobe
    2012-06-26 08:15 - 2012-06-26 08:15 - 00065562 ____A C:\Users\Public\Documents\NETGEAR_DGN2200.cfg
    2012-06-25 12:43 - 2012-07-02 08:48 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-25 12:43 - 2012-07-02 07:11 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-25 12:43 - 2012-06-25 12:44 - 00000000 ____D C:\Users\Alan\AppData\Local\Google
    2012-06-25 12:43 - 2012-06-25 12:44 - 00000000 ____D C:\Program Files (x86)\Google
    2012-06-23 12:40 - 2012-06-23 12:40 - 00000000 ____D C:\Users\Alan\Documents\My Garmin
    2012-06-23 12:40 - 2012-06-23 12:40 - 00000000 ____D C:\Users\Alan\AppData\Local\Garmin
    2012-06-23 12:39 - 2012-06-23 12:39 - 00000000 ____D C:\Users\Alan\AppData\Local\GARMIN_Corp
    2012-06-23 08:46 - 2012-06-23 08:46 - 00000021 ____A C:\Windows\SurCode.INI
    2012-06-23 08:46 - 2012-06-23 08:46 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
    2012-06-23 08:46 - 2012-06-23 08:46 - 00000000 ____D C:\Users\Alan\AppData\Roaming\PACE Anti-Piracy
    2012-06-23 08:46 - 2012-06-23 08:46 - 00000000 ____D C:\Users\Alan\AppData\Local\PACE Anti-Piracy
    2012-06-23 08:46 - 2012-06-23 08:46 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
    2012-06-23 08:27 - 2012-06-23 08:27 - 00000000 ____A C:\Users\Alan\AppData\Local\history.txt
    2012-06-23 05:29 - 2012-06-23 05:29 - 00363856 ____A C:\Windows\Minidump\062312-20326-01.dmp
    2012-06-23 05:28 - 2012-06-23 05:28 - 594361677 ____A C:\Windows\MEMORY.DMP
    2012-06-23 05:03 - 2012-06-23 05:03 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Ipsos Panel Plus
    2012-06-23 05:03 - 2012-06-23 05:03 - 00000000 ____D C:\Users\Alan\AppData\Local\Ipsos Panel Plus
    2012-06-22 13:50 - 2012-06-22 13:50 - 00000000 ____D C:\Program Files\Adobe
    2012-06-22 13:49 - 2012-06-22 13:49 - 00000000 ____D C:\Users\All Users\ALM
    2012-06-22 13:45 - 2012-06-22 13:45 - 00000000 ____D C:\Users\Alan\Adobe Flash Builder 4.6
    2012-06-22 13:39 - 2012-06-22 13:39 - 00000000 ____D C:\Program Files (x86)\My Company Name
    2012-06-22 13:39 - 2011-10-16 18:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
    2012-06-22 13:39 - 2011-10-16 18:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
    2012-06-22 12:52 - 2012-06-05 08:39 - 02674800 ____A (Sysinternals - www.sysinternals.com) C:\Users\Alan\Desktop\procexp.exe
    2012-06-22 10:24 - 2012-06-22 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-06-22 10:24 - 2012-06-22 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-06-22 10:24 - 2012-06-22 10:24 - 00000000 ____D C:\Users\Alan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-06-22 10:24 - 2012-06-22 10:24 - 00000000 ____D C:\Program Files (x86)\Adobe Download Assistant
    2012-06-22 07:59 - 2012-06-23 08:16 - 00000000 ____D C:\Program Files (x86)\Better Explorer
    2012-06-22 07:59 - 2012-06-22 07:59 - 00000000 ____D C:\Users\Alan\AppData\Local\IsolatedStorage
    2012-06-22 07:47 - 2012-06-22 07:47 - 00000000 ____D C:\Users\Alan\AppData\Local\VS Revo Group
    2012-06-22 07:47 - 2012-06-22 07:47 - 00000000 ____D C:\Program Files\VS Revo Group
    2012-06-22 07:47 - 2009-12-30 02:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
    2012-06-21 08:22 - 2012-06-21 08:22 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-06-21 08:22 - 2012-06-21 08:22 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-21 08:22 - 2012-06-21 08:22 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-21 08:22 - 2012-06-21 08:22 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-21 08:22 - 2012-06-21 08:22 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-21 08:22 - 2012-06-21 08:22 - 00000000 ____D C:\Program Files\Java
    2012-06-21 08:20 - 2012-06-21 08:20 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-06-21 08:20 - 2012-06-21 08:20 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-21 08:20 - 2012-06-21 08:20 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-21 08:20 - 2012-06-21 08:20 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-21 08:20 - 2012-06-21 08:20 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-21 07:27 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 07:27 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 07:27 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 07:27 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 07:27 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 07:27 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 07:27 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 07:27 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 07:27 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 10:46 - 2012-06-20 10:47 - 00000000 ____D C:\Program Files\iTunes
    2012-06-20 10:46 - 2012-06-20 10:47 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-06-20 10:46 - 2012-06-20 10:46 - 00000000 ____D C:\Program Files\iPod
    2012-06-19 08:14 - 2012-06-19 08:14 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Canon
    2012-06-17 02:15 - 2012-06-17 02:15 - 00000000 ____D C:\Users\Alan\AppData\Roaming\Adobe Mini Bridge CS5
    2012-06-16 02:18 - 2012-06-16 02:18 - 00000000 ____D C:\Users\Alan\AppData\Local\Macromedia
    2012-06-16 01:33 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-16 01:33 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-16 01:33 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-16 01:33 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-16 01:33 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-16 01:33 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-16 01:33 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-16 01:33 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-16 01:33 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-16 01:33 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-16 01:33 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-16 01:25 - 2012-07-02 08:50 - 00002788 ____A C:\Windows\setupact.log
    2012-06-16 01:25 - 2012-07-02 07:11 - 00092190 ____A C:\Windows\PFRO.log
    2012-06-15 09:43 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-15 09:43 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-15 09:43 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-15 09:43 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-15 09:43 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-15 09:43 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-15 09:43 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-15 09:43 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-15 09:43 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-15 09:43 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-15 09:43 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-15 09:43 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-15 09:43 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-15 09:43 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-15 09:43 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-15 09:43 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-15 09:43 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-15 09:43 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-06-15 09:43 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-15 09:43 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-15 09:43 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-15 09:43 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-15 09:43 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-15 09:43 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-15 09:27 - 2012-06-15 09:27 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
    2012-06-15 09:27 - 2012-06-15 09:27 - 00000000 ____D C:\Users\Alan\AppData\Roaming\DAEMON Tools Pro
    2012-06-15 09:25 - 2012-06-15 09:25 - 00000000 ____D C:\Program Files (x86)\Atheros Communications Inc
    2012-06-15 09:22 - 2012-06-15 09:25 - 00000000 ____D C:\Program Files (x86)\ASUS
    2012-06-15 09:22 - 2009-09-29 19:33 - 00024576 ___RA () C:\Windows\SysWOW64\AsIO.dll
    2012-06-15 09:22 - 2009-08-03 18:28 - 00013440 ___RA C:\Windows\SysWOW64\Drivers\AsIO.sys
    2012-06-15 09:22 - 2008-01-04 04:34 - 00011832 ____A C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
    2012-06-15 09:22 - 2008-01-04 04:34 - 00010216 ____A C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
    2012-06-15 09:20 - 2012-06-15 09:20 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
    2012-06-15 09:20 - 2011-04-20 01:24 - 00169584 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\L1C62x64.sys
    2012-06-15 09:18 - 2012-06-15 09:18 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2012-06-15 09:18 - 2012-06-15 09:18 - 00000000 ____D C:\Program Files\Realtek
    2012-06-15 09:17 - 2011-06-28 03:15 - 02905832 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
    2012-06-15 09:17 - 2011-06-28 02:08 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2012-06-15 09:17 - 2011-06-27 22:31 - 03115112 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
    2012-06-15 09:17 - 2011-06-27 21:17 - 02428520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
    2012-06-15 09:17 - 2011-06-27 03:19 - 00092264 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInst64.dll
    2012-06-15 09:17 - 2011-06-26 22:45 - 03768152 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
    2012-06-15 09:17 - 2011-06-26 22:44 - 02604376 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
    2012-06-15 09:17 - 2011-06-23 19:11 - 01474048 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
    2012-06-15 09:17 - 2011-06-13 03:04 - 01560680 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
    2012-06-15 09:17 - 2011-06-10 01:35 - 00603472 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
    2012-06-15 09:17 - 2011-06-02 22:11 - 01805928 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
    2012-06-15 09:17 - 2011-05-30 17:42 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
    2012-06-15 09:17 - 2011-05-23 01:12 - 01245288 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
  6. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Part 2

    ============ 3 Months Modified Files ========================


    ZeroAccess:
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\@
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\L
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\U
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\L\00000004.@
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\L\55490ac4
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\U\00000004.@
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\U\000000cb.@
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\U\80000000.@
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\U\80000032.@
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862}\U\80000064.@

    ZeroAccess:
    C:\Users\Alan\AppData\Local\{8358e914-1635-37a8-1458-419ac6f00862}
    C:\Users\Alan\AppData\Local\{8358e914-1635-37a8-1458-419ac6f00862}\@
    C:\Users\Alan\AppData\Local\{8358e914-1635-37a8-1458-419ac6f00862}\L
    C:\Users\Alan\AppData\Local\{8358e914-1635-37a8-1458-419ac6f00862}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%
    Total physical RAM: 8191.12 MB
    Available physical RAM: 7313.37 MB
    Total Pagefile: 8189.27 MB
    Available Pagefile: 7309.8 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:162.91 GB) (Free:53.75 GB) NTFS
    2 Drive d: (FSX) (Fixed) (Total:74.53 GB) (Free:52.42 GB) NTFS
    3 Drive e: (Graphics) (Fixed) (Total:97.66 GB) (Free:54.93 GB) NTFS
    4 Drive f: (Games) (Fixed) (Total:97.66 GB) (Free:81.59 GB) NTFS
    5 Drive g: (Flightsims) (Fixed) (Total:107.43 GB) (Free:78.9 GB) NTFS
    6 Drive I: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    7 Drive j: () (Removable) (Total:7.45 GB) (Free:3.62 GB) FAT32
    8 Drive k: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:53.64 GB) NTFS
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 74 GB 1024 KB
    Disk 2 Online 7629 MB 0 B
    Disk 3 Online 465 GB 1024 KB

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 162 GB 101 MB
    Partition 0 Extended 302 GB 163 GB
    Partition 3 Logical 97 GB 163 GB
    Partition 4 Logical 97 GB 260 GB
    Partition 5 Logical 107 GB 358 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 162 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Graphics NTFS Partition 97 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F Games NTFS Partition 97 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 5
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 G Flightsims NTFS Partition 107 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 74 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 D FSX NTFS Partition 74 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7629 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J FAT32 Removable 7629 MB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K FreeAgent D NTFS Partition 465 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-29 04:58

    ======================= End Of Log ==========================
  7. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
  8. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the log file

    Farbar Recovery Scan Tool Version: 03-07-2012
    Ran by SYSTEM at 2012-07-03 16:47:55
    Running from J:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
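Added example (not part of the original posts and not FRST's own code): a small parser for the Search.txt layout shown above that groups copies of the same file name and reports when their MD5 values differ even though size and timestamps match, as happens here for the two copies of services.exe. The log layout is assumed from the lines posted in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path handling on any platform

# Sample input: the Search.txt lines posted in this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A hit is a path line followed by a detail line (layout assumed from the log above).
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one record per search hit: path, timestamps, size, attrs, company, md5."""
    records, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        match = DETAIL_RE.match(line)
        if match and pending_path:
            rec = match.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
        if line:
            # Any other non-blank line ends the current hit.
            pending_path = None
    return records


def find_hash_mismatches(records):
    """Group hits by file name and report names whose copies have different MD5s.

    'metadata_identical' is True when every copy shares size and both
    timestamps, i.e. only the hash distinguishes the copies.
    The function does not decide which copy is the clean one.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[basename(rec["path"]).lower()].append(rec)

    findings = {}
    for name, copies in by_name.items():
        if len({c["md5"] for c in copies}) < 2:
            continue
        meta = {(c["created"], c["modified"], c["size"]) for c in copies}
        findings[name] = {"copies": copies, "metadata_identical": len(meta) == 1}
    return findings


if __name__ == "__main__":
    for name, info in find_hash_mismatches(parse_search_log(SEARCH_LOG)).items():
        print(f"{name}: copies differ by hash "
              f"(size/timestamps identical: {info['metadata_identical']})")
        for c in info["copies"]:
            print(f"  {c['md5']}  {c['size']:>8}  {c['path']}")
```
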
  9. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  10. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the fixlog...

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 03-07-2012
    Ran by SYSTEM at 2012-07-04 10:49:42 Run:1
    Running from J:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{8358e914-1635-37a8-1458-419ac6f00862} moved successfully.
    C:\Users\Alan\AppData\Local\{8358e914-1635-37a8-1458-419ac6f00862} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  11. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    ....and here is the Combofix log...

    ComboFix 12-07-02.01 - Alan 07/04/2012 11:10:33.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8191.6701 [GMT 1:00]
    Running from: c:\users\Alan\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Windows12111_ConfigRepository.bin
    c:\users\Alan\AppData\Local\Temp\AQOle32.dll
    c:\users\Alan\AppData\Local\Temp\AQShell32.dll
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\SysWow64\ijl11.dll
    c:\windows\SysWow64\muzapp.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 10:38 . 2012-07-04 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-04 09:36 . 2012-07-04 09:36 -------- d-----w- c:\windows\Sun
    2012-07-03 19:26 . 2012-05-25 16:09 29312 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll
    2012-07-03 02:01 . 2012-07-03 02:01 -------- d-----w- C:\FRST
    2012-07-02 17:15 . 2012-07-02 17:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-01 16:49 . 2012-07-02 19:27 -------- d-----w- c:\programdata\Esellerate
    2012-07-01 16:22 . 2012-07-01 16:23 -------- d-----w- c:\users\Alan\AppData\Roaming\GetRightToGo
    2012-06-30 19:14 . 1998-06-24 16:57 57880 ----a-w- c:\windows\SysWow64\SPIN32.OCX
    2012-06-30 19:14 . 2009-11-28 15:17 233472 ----a-w- c:\windows\SysWow64\sevXPCtl.ocx
    2012-06-30 19:14 . 2006-05-31 15:35 190464 ----a-w- c:\windows\SysWow64\sevImLib.dll
    2012-06-30 19:14 . 2009-11-29 12:11 294400 ----a-w- c:\windows\SysWow64\sevEin20.ocx
    2012-06-30 19:14 . 2009-11-28 15:16 141824 ----a-w- c:\windows\SysWow64\sevCmd3.ocx
    2012-06-30 19:14 . 2009-11-28 15:14 115712 ----a-w- c:\windows\SysWow64\sevClb20.ocx
    2012-06-30 19:14 . 1998-07-06 00:00 6656 ----a-w- c:\windows\SysWow64\STDFTDE.DLL
    2012-06-30 19:14 . 2010-03-28 10:58 93696 ----a-w- c:\windows\SysWow64\sevCmd3.oca
    2012-06-30 19:14 . 2002-07-26 14:02 26000 ----a-w- c:\windows\SysWow64\CTL3D.dll
    2012-06-30 19:14 . 1998-07-05 21:00 14336 ----a-w- c:\windows\SysWow64\MSCOMDE.DLL
    2012-06-30 17:10 . 2012-06-30 17:10 -------- d-----w- c:\users\Alan\AppData\Local\WoS3
    2012-06-29 15:29 . 2012-06-29 15:29 -------- d-----w- C:\Aerosoft
    2012-06-25 20:43 . 2012-06-25 20:44 -------- d-----w- c:\users\Alan\AppData\Local\Google
    2012-06-25 20:43 . 2012-06-25 20:44 -------- d-----w- c:\program files (x86)\Google
    2012-06-23 20:40 . 2012-06-23 20:40 -------- d-----w- c:\users\Alan\AppData\Local\Garmin
    2012-06-23 20:39 . 2012-06-23 20:39 -------- d-----w- c:\users\Alan\AppData\Local\GARMIN_Corp
    2012-06-23 16:46 . 2012-06-23 16:46 -------- d-----w- c:\users\Alan\AppData\Roaming\PACE Anti-Piracy
    2012-06-23 16:46 . 2012-06-23 16:46 -------- d-----w- c:\programdata\PACE Anti-Piracy
    2012-06-23 16:46 . 2012-06-23 16:46 -------- d-----w- c:\users\Alan\AppData\Local\PACE Anti-Piracy
    2012-06-23 16:46 . 2012-06-23 16:46 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
    2012-06-23 14:32 . 2012-06-23 14:32 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-06-23 14:32 . 2012-06-23 14:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-06-23 14:32 . 2012-06-23 14:32 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-06-23 13:03 . 2012-06-23 13:03 -------- d-----w- c:\users\Alan\AppData\Roaming\Ipsos Panel Plus
    2012-06-23 13:03 . 2012-06-23 13:03 -------- d-----w- c:\users\Alan\AppData\Local\Ipsos Panel Plus
    2012-06-22 21:49 . 2012-06-22 21:49 -------- d-----w- c:\programdata\ALM
    2012-06-22 21:45 . 2012-06-22 21:45 -------- d-----w- c:\users\Alan\Adobe Flash Builder 4.6
    2012-06-22 21:39 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2012-06-22 21:39 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2012-06-22 21:39 . 2012-06-22 21:39 -------- d-----w- c:\program files (x86)\My Company Name
    2012-06-22 18:24 . 2012-06-22 18:24 -------- d-----w- c:\users\Alan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2012-06-22 18:24 . 2012-06-22 18:24 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
    2012-06-22 18:24 . 2012-06-22 18:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-06-22 15:59 . 2012-06-22 15:59 -------- d-----w- c:\users\Alan\AppData\Local\IsolatedStorage
    2012-06-22 15:59 . 2012-06-23 16:16 -------- d-----w- c:\program files (x86)\Better Explorer
    2012-06-22 15:47 . 2012-06-22 15:47 -------- d-----w- c:\users\Alan\AppData\Local\VS Revo Group
    2012-06-22 15:47 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-06-22 15:47 . 2012-06-22 15:47 -------- d-----w- c:\program files\VS Revo Group
    2012-06-21 16:22 . 2012-06-21 16:22 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-21 16:22 . 2012-06-21 16:22 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-21 16:22 . 2012-06-21 16:22 -------- d-----w- c:\program files\Java
    2012-06-21 16:21 . 2012-06-21 16:21 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-21 16:20 . 2012-06-21 16:20 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-21 16:20 . 2012-06-21 16:20 -------- d-----w- c:\program files (x86)\Java
    2012-06-21 15:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 15:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 15:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 15:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 15:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 15:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 15:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 15:27 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 15:27 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 18:46 . 2012-06-20 18:46 -------- d-----w- c:\program files\iPod
    2012-06-20 18:46 . 2012-06-20 18:47 -------- d-----w- c:\program files\iTunes
    2012-06-20 18:46 . 2012-06-20 18:47 -------- d-----w- c:\program files (x86)\iTunes
    2012-06-19 16:14 . 2012-06-19 16:14 -------- d-----w- c:\users\Alan\AppData\Roaming\Canon
    2012-06-17 10:15 . 2012-06-17 10:15 -------- d-----w- c:\users\Alan\AppData\Roaming\Adobe Mini Bridge CS5
    2012-06-16 10:18 . 2012-06-16 10:18 -------- d-----w- c:\users\Alan\AppData\Local\Macromedia
    2012-06-16 10:14 . 2012-06-16 10:14 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-16 10:14 . 2012-06-16 10:14 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-16 09:33 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-16 09:33 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-16 09:33 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-16 09:33 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-16 09:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-16 09:33 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-16 09:33 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-16 09:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-16 09:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-15 17:27 . 2012-06-15 17:27 -------- d-----w- c:\users\Alan\AppData\Roaming\DAEMON Tools Pro
    2012-06-15 17:27 . 2012-06-15 17:27 -------- d-----w- c:\programdata\DAEMON Tools Pro
    2012-06-15 17:25 . 2012-06-15 17:25 -------- d-----w- c:\programdata\ASUS OC Profiles
    2012-06-15 17:25 . 2012-06-15 17:25 -------- d-----w- c:\program files (x86)\Atheros Communications Inc
    2012-06-15 17:22 . 2009-09-30 03:33 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
    2012-06-15 17:22 . 2009-08-04 02:28 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
    2012-06-15 17:22 . 2012-06-15 17:25 -------- d-----w- c:\program files (x86)\ASUS
    2012-06-15 17:22 . 2008-01-04 12:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
    2012-06-15 17:22 . 2008-01-04 12:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
    2012-06-15 17:21 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-06-15 17:21 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-06-15 17:21 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-06-15 17:21 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-06-15 17:20 . 2011-04-20 09:24 169584 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
    2012-06-15 17:20 . 2012-06-15 17:20 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
    2012-06-15 17:18 . 2012-06-15 17:18 -------- d-----w- c:\program files\Realtek
    2012-06-15 17:18 . 2012-06-15 17:18 -------- d-----w- c:\windows\SysWow64\RTCOM
    2012-06-15 15:37 . 2009-11-30 04:38 68039036 ----a-w- c:\users\Alan\ITDirector_Setup.exe
    2012-06-15 12:05 . 2012-07-04 09:51 -------- d-----r- c:\users\Alan\Dropbox
    2012-06-15 12:02 . 2012-07-04 09:51 -------- d-----w- c:\users\Alan\AppData\Roaming\Dropbox
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-21 16:20 . 2012-04-05 13:34 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-21 15:48 . 2012-04-05 13:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-21 15:48 . 2012-03-09 18:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-17 15:02 . 2012-05-17 15:02 0 ----a-w- c:\users\Alan\AppData\Local\jv16PT_temp.tmp
    2012-05-11 16:29 . 2012-05-11 16:02 789050 ----a-w- c:\windows\SysWow64\unins000.exe
    2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-04-16 19:29 . 2012-03-20 12:24 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-04-16 19:29 . 2012-03-20 12:24 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-04-16 19:29 . 2012-03-20 12:24 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-04-16 19:29 . 2012-03-20 12:24 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-02-15 03:18 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2011-04-20 02:07 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2011-04-20 01:59 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-04-20 01:27 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2011-04-20 01:49 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-02-15 02:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-02-15 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2011-04-20 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2011-04-20 01:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2012-02-15 02:12 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 94208 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NextSTART"="c:\program files (x86)\Winstep\nextstart.exe" [2012-03-28 7789184]
    "Workshelf"="c:\program files (x86)\Winstep\workshelf.exe" [2012-03-28 19256448]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-31 4480456]
    "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-06-16 109336]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
    "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-05-07 1073312]
    .
    c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe Acrobat Speed Launcher"="d:\adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 116648]
    R2 IpsosLSPService;IpsosLSPService;c:\program files (x86)\IpsosLSPService\IpsosLSPService.exe [x]
    R2 nuragoLSPService;nuragoLSPService;c:\program files (x86)\nuragoLSPService\nuragoLSPService.exe [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 116648]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
    R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
    R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-08 1255736]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
    S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
    S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [2012-01-07 4660664]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-10-24 66560]
    S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 3140424]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-01-07 5876008]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
    S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
    S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys [2011-05-20 251224]
    S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys [2011-05-20 13016]
    S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [2011-05-20 17496]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-04-05 82048]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-06-20 14:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 20:43]
    .
    2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 20:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:32 97792 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-30 4042568]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.talktalk.net/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Free YouTube to iPod Converter - c:\users\Alan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7656D45F-1F58-478B-8574-9DE899BF6757}: NameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\1pj8m3af.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.talktalk.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-FS2Crew 2010: Default 737 Voice Commander Edition SP1 - 0:\microsoft\unFS2Crew2010_FSX_Default737.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
    "ImagePath"="c:\program files (x86)\Winstep\WsxService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:83,46,05,f7,18,10,e7,71,b6,1c,e8,e5,a5,03,b1,28,7a,2f,48,e2,b9,
    6d,a1,cf,d5,88,29,1f,b1,5f,54,da,5e,b1,46,4f,60,be,1c,ed,f2,ef,a6,f5,83,4f,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:83,46,05,f7,18,10,e7,71,b6,1c,e8,e5,a5,03,b1,28,7a,2f,48,e2,b9,
    6d,a1,cf,d5,88,29,1f,b1,5f,54,da,5e,b1,46,4f,60,be,1c,ed,f2,ef,a6,f5,83,4f,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Winstep\WsxService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 11:45:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 10:45
    .
    Pre-Run: 56,198,746,112 bytes free
    Post-Run: 56,839,507,968 bytes free
    .
    - - End Of File - - 145D3C19B7FA66F6F831DFD2E7068FED
     
  12. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Looks good :)

    How is the computer doing?

    =======================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the MBAM log....

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.04.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Alan :: ALAN-PC [administrator]

    7/4/2012 18:42:37
    mbam-log-2012-07-04 (18-42-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219452
    Time elapsed: 3 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  14. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    ...and the otl logs...

    OTL Extras logfile created on: 7/4/2012 18:49:55 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Alan\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.95% Memory free
    16.00 Gb Paging File | 13.69 Gb Available in Paging File | 85.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 162.91 Gb Total Space | 58.89 Gb Free Space | 36.15% Space Free | Partition Type: NTFS
    Drive D: | 97.66 Gb Total Space | 54.93 Gb Free Space | 56.24% Space Free | Partition Type: NTFS
    Drive E: | 97.66 Gb Total Space | 81.60 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
    Drive F: | 107.43 Gb Total Space | 78.97 Gb Free Space | 73.51% Space Free | Partition Type: NTFS
    Drive H: | 74.53 Gb Total Space | 52.05 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 60.15 Gb Free Space | 12.92% Space Free | Partition Type: NTFS
    Drive J: | 1.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive N: | 7.45 Gb Total Space | 3.62 Gb Free Space | 48.68% Space Free | Partition Type: FAT32

    Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8027B1DD-D875-4315-8FE9-B2CFDD1BB8F1}" = O&O Defrag Professional
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95140000-0080-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7ADB493-B913-4D61-9A63-DA736C20C3F2}" = Adobe Photoshop Lightroom 4.1 64-bit
    "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    "BC7539F791AC3D28E46D2D6FE03A37D6A20DAF59" = Windows Driver Package - Roxio Technology (USB28xxBGA) Media (04/16/2009 5.2009.0416.0)
    "CanonMyPrinter" = Canon My Printer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F95C156-BE36-4D73-B22F-BDE3538B09A8}" = FS Recorder 2.01 for FSX
    "{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = Roxio Easy VHS to DVD Content
    "{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}" = Garmin BaseCamp
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Easy VHS to DVD
    "{35FB2819-E6E6-496C-BF43-C60CA67589D6}" = FlightSim Commander
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3D294F77-AD11-45A5-B56B-E0D9C63C21FF}" = World of Subways Vol. 3
    "{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
    "{424230DD-0906-47C3-8646-980393CD569E}" = Roxio Video Capture USB
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 6
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{6228F997-1ADC-4F11-B8EB-62C12B14417A}" = Kindlean
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
    "{6D592E30-11EC-11E0-859C-0013D3D69929}" = Vegas Pro 10.0
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{714E340C-07FF-4764-BD2A-A5F4AA680F8B}" = Ipsos Panel Plus
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{78456F0E-278E-4C0D-8B64-2B0151248CA3}" = Active Sky Advanced
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Easy VHS to DVD
    "{79E06DF1-24FE-11E1-913F-F04DA23A5C58}" = DVD Architect Studio 5.0
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{7D5F8291-24FE-11E1-BCE5-F04DA23A5C58}" = MSVCRT Redists
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9C7C8A6-22A5-2012-8E5A-F77D709A9489}_is1" = Active Sky 2012
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}" = AlacrityPC
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B7057895-A93D-44D6-B87A-D3C1FCF28E01}" = FS Flight Keeper
    "{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
    "{B8D92680-34AC-4B76-8D95-7E95B11B5121}" = Perfect Effects 3 Free
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D186EE99-F905-4F87-B188-01D60D8FF1B3}" = Just Flight - Traffic X
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
    "{D7782BD1-CD9A-0A73-083F-CB9779A17825}" = Adobe® Content Viewer
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DED0C604-C479-4F8D-B48C-1D1F4D545C91}" = PowerDesk 8
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{E40D6E16-6D7D-4AF3-9E13-B3A308571E81}" = Roxio Easy VHS to DVD
    "{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11
    "{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11
    "{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
    "{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F8829029-57C4-4260-A427-41BB3991DAD5}" = RedShift 5.1
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AI RoboForm" = RoboForm 7-7-8-8 (All Users)
    "Alter Ego_is1" = Alter Ego
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 4.0.1
    "Better Explorer" = Better Explorer
    "Better Explorer Beta 1" = Better Explorer Beta 1
    "Between the Worlds 1.00" = Between the Worlds 1.00
    "Call of Duty" = Call of Duty
    "Canon MP610 series User Registration" = Canon MP610 series User Registration
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "CHControlManager_is1" = CH Control Manager Software
    "CleanMem" = CleanMem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.dmp.contentviewer" = Adobe® Content Viewer
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.WidgetBrowser" = Adobe Widget Browser
    "DVA ACARS 2" = Delta Virtual Airlines ACARS 2.2
    "DVA FS2006 B737" = Delta Virtual Airlines 737 (FSX)
    "DVA FS2006 B737NG" = Delta Virtual Airlines 737NG (FSX)
    "DVA FS2006 CRJ" = Delta Virtual Airlines CRJ (FSX)
    "DVAOnlineKit" = Online Flying Kit (FS)
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Elizabeth Find MD - Diagnosis Mystery 1.00" = Elizabeth Find MD - Diagnosis Mystery 1.00
    "Falcon BMS 4.32" = Falcon BMS 4.32
    "ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13]
    "FlightBeam San Francisco International FSX 2.0.1_is1" = FlightBeam San Francisco International FSX 2.0.1
    "Football Manager 2011" = Football Manager 2011
    "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.17.221
    "FreeArc" = FreeArc 0.666
    "FreeCommander_is1" = FreeCommander 2009.02b
    "FS2Crew 2010: Default 737 Voice Commander Edition SP1" = FS2Crew 2010: Default 737 Voice Commander Edition SP1
    "FS2Crew 2010: Default FSX 737 Voice Commander Edition" = FS2Crew 2010: Default FSX 737 Voice Commander Edition
    "FSDreamTeam Dallas/Fort Worth International FSX/P3D_is1" = FSDreamTeam Dallas/Fort Worth International FSX/P3D 2.0.3
    "FSDreamTeam Fort Lauderdale-Hollywood FSX/P3D_is1" = FSDreamTeam Fort Lauderdale-Hollywood FSX/P3D 1.4.1
    "FSDreamTeam JFK FSX/P3D_is1" = FSDreamTeam JFK FSX/P3D 1.2.5
    "FSDreamTeam Las Vegas McCarran FSX/P3D_is1" = FSDreamTeam Las Vegas McCarran FSX/P3D 1.1.1
    "FSDreamTeam Los Angeles International FSX/P3D_is1" = FSDreamTeam Los Angeles International FSX/P3D 1.4.2
    "FSDreamTeam OHareX 2.1_is1" = FSDreamTeam OHareX 2.0
    "FSFlyingSchool 2010" = FSFlyingSchool 2010
    "FSWidgets Electronic Flight Bag for FSX_is1" = FSWidgets - EFB for FSX
    "FSX Booster" = FSX Booster 4.6.0.0
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "I am an Air Traffic Controller3" = I am an Air Traffic Controller3
    "Image Rescue 4_is1" = Image Rescue 4
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
    "jv16 PowerTools 2011" = jv16 PowerTools 2012
    "Legacy 7.5" = Legacy 7.5
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "MainApp.exe_is1" = CloneDVD 4.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSC" = McAfee AntiVirus Plus
    "Mystery Case Files Dire Grove Collectors Edition (Updated) 1.1.5" = Mystery Case Files Dire Grove Collectors Edition (Updated) 1.1.5
    "OpenAL" = OpenAL
    "Pen Tablet Driver" = Pen Tablet
    "Portforward Static IP Address" = Portforward Static IP Address 1.0.47
    "Radar Contact v4.2_is1" = Radar Contact Version 4.2
    "Radar Contact v4.3_is1" = Radar Contact Version 4.3
    "Real Color KLAX" = Real Color KLAX
    "Real Color MIAMI" = Real Color MIAMI
    "SimplatesX - Real IFR Approach Plates (Part 1 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 2 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 3 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 4 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 5 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 6 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 7 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SimplatesX - Real IFR Approach Plates (Part 8 of 8)_is1" = SimplatesX - Real IFR Approach Plates for Use with Flight Simul
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "TrueCrypt" = TrueCrypt
    "TuneUp Utilities 2011" = TuneUp Utilities 2011
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.1
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WinRAR archiver" = WinRAR archiver
    "Winstep Xtreme_is1" = Winstep Xtreme 11.10
    "Xtreme FSX PC" = Xtreme FSX PC 2.6.0.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "KLAS add-on for Tower! 2011" = KLAS add-on for Tower! 2011
    "Tower! 2011 SP2" = Tower! 2011 SP2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2012 11:02:09 | Computer Name = Alan-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 940 Start
    Time: 01cd579a2f12a71c Termination Time: 188 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: a6afcce5-c38d-11e1-98a5-5404a695ac17

    Error - 7/1/2012 12:02:43 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mcagent.exe, version: 11.0.669.0, time
    stamp: 0x4f6a7b54 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0xcb4 Faulting
    application start time: 0x01cd579878c863be Faulting application path: C:\Program
    Files\McAfee.com\Agent\mcagent.exe Faulting module path: unknown Report Id: 30762c26-c396-11e1-98a5-5404a695ac17

    Error - 7/1/2012 12:24:16 | Computer Name = Alan-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 754 Start
    Time: 01cd57986fc5ce5d Termination Time: 315 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 30d30761-c399-11e1-98a5-5404a695ac17

    Error - 7/2/2012 11:12:15 | Computer Name = Alan-PC | Source = TabletServiceWacom | ID = 0
    Description =

    Error - 7/2/2012 13:08:53 | Computer Name = Alan-PC | Source = TabletServiceWacom | ID = 0
    Description =

    Error - 7/2/2012 16:45:27 | Computer Name = Alan-PC | Source = VSS | ID = 8194
    Description =

    Error - 7/3/2012 12:06:25 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: WoS3.exe, version: 0.0.0.0, time stamp:
    0x4da3191b Faulting module name: Game.vPlugin, version: 0.0.0.0, time stamp: 0x4dbfcf62
    Exception
    code: 0xc0000005 Fault offset: 0x00041893 Faulting process id: 0x16e0 Faulting application
    start time: 0x01cd5934a5748375 Faulting application path: E:\LU3\Bin\WoS3.exe Faulting
    module path: E:\LU3\Bin\Game.vPlugin Report Id: 09f6ea1a-c529-11e1-957d-5404a695ac17

    Error - 7/3/2012 15:01:07 | Computer Name = Alan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: WoS3.exe, version: 0.0.0.0, time stamp:
    0x4da3191b Faulting module name: NxCharacter.dll, version: 2.8.3.21, time stamp:
    0x4b6665d9 Exception code: 0x40000015 Fault offset: 0x00008785 Faulting process id:
    0x174c Faulting application start time: 0x01cd59364a5b465f Faulting application path:
    E:\LU3\Bin\WoS3.exe Faulting module path: E:\LU3\Bin\NxCharacter.dll Report Id: 71bc7868-c541-11e1-957d-5404a695ac17

    Error - 7/3/2012 15:05:07 | Computer Name = Alan-PC | Source = VSS | ID = 8194
    Description =

    Error - 7/4/2012 06:50:49 | Computer Name = Alan-PC | Source = TabletServiceWacom | ID = 0
    Description =

    [ System Events ]
    Error - 7/4/2012 06:08:46 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MpsSvc. This service might not be installed.

    Error - 7/4/2012 06:26:51 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/4/2012 06:36:18 | Computer Name = Alan-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/4/2012 06:39:02 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/4/2012 06:40:29 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
    Description = The IpsosLSPService service failed to start due to the following error:
    %%2

    Error - 7/4/2012 06:40:29 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
    Description = The nuragoLSPService service failed to start due to the following
    error: %%2

    Error - 7/4/2012 06:40:40 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/4/2012 06:50:36 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
    Description = The IpsosLSPService service failed to start due to the following error:
    %%2

    Error - 7/4/2012 06:50:38 | Computer Name = Alan-PC | Source = Service Control Manager | ID = 7000
    Description = The nuragoLSPService service failed to start due to the following
    error: %%2

    Error - 7/4/2012 07:25:56 | Computer Name = Alan-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.


    < End of report >
  15. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    ...and OTL... Part 1

    OTL logfile created on: 7/4/2012 18:49:55 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Alan\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.95% Memory free
    16.00 Gb Paging File | 13.69 Gb Available in Paging File | 85.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 162.91 Gb Total Space | 58.89 Gb Free Space | 36.15% Space Free | Partition Type: NTFS
    Drive D: | 97.66 Gb Total Space | 54.93 Gb Free Space | 56.24% Space Free | Partition Type: NTFS
    Drive E: | 97.66 Gb Total Space | 81.60 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
    Drive F: | 107.43 Gb Total Space | 78.97 Gb Free Space | 73.51% Space Free | Partition Type: NTFS
    Drive H: | 74.53 Gb Total Space | 52.05 Gb Free Space | 69.84% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 60.15 Gb Free Space | 12.92% Space Free | Partition Type: NTFS
    Drive J: | 1.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive N: | 7.45 Gb Total Space | 3.62 Gb Free Space | 48.68% Space Free | Partition Type: FAT32

    Computer Name: ALAN-PC | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/01 15:45:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Downloads\OTL.exe
    PRC - [2012/06/16 10:38:30 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/06/14 03:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/31 11:37:24 | 000,550,872 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
    PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    PRC - [2012/03/28 16:04:32 | 019,256,448 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WorkShelf.exe
    PRC - [2012/03/28 14:52:14 | 007,789,184 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nextstart.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/24 21:15:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
    PRC - [2011/05/03 10:18:01 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/08/19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/15 16:36:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/15 16:11:22 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/11 14:38:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/11 14:38:29 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/02/22 09:41:36 | 001,085,376 | ---- | M] () -- C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
    MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2012/01/07 09:16:52 | 004,660,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
    SRV:64bit: - [2011/12/08 17:31:40 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2010/09/30 13:30:10 | 003,140,424 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
    SRV:64bit: - [2010/08/30 15:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
    SRV:64bit: - [2010/01/07 12:43:48 | 005,876,008 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/16 11:14:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
    SRV - [2012/03/19 14:33:46 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/08 17:37:14 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/12/08 17:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/10/24 21:15:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
    SRV - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/08/19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/20 05:35:38 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/04/05 10:50:01 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2012/03/19 18:08:14 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/05/20 22:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
    DRV:64bit: - [2011/05/20 22:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
    DRV:64bit: - [2011/05/20 22:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
    DRV:64bit: - [2011/04/20 10:24:54 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/10/07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
    DRV:64bit: - [2009/10/07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/17 12:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007/02/16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010/10/07 14:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.net/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD DA 14 02 F8 01 CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{DBD3889A-CEEC-4C46-B625-F16FC6E38363}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.startup.homepage: "www.talktalk.co.uk"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsnffpl.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@IpsosPanelPlus@ipsosinteractive.com: C:\Users\Alan\AppData\Local\Ipsos Panel Plus\toolbar_ff\plugins\npIpsosCommPlugin.dll (IDM)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/14 16:33:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/06/16 10:39:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/07/01 09:50:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/04 10:24:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 11:14:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\IpsosPanelPlus@ipsosinteractive.com: C:\Users\Alan\AppData\Local\Ipsos Panel Plus\toolbar_ff\ [2012/06/23 14:03:21 | 000,000,000 | ---D | M]

    [2012/03/10 20:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
    [2012/07/04 10:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\1pj8m3af.default\extensions
    [2012/06/25 22:01:45 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\1pj8m3af.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2012/03/15 13:05:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\1pj8m3af.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/05/17 12:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/14 16:33:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    [2012/06/23 14:03:21 | 000,000,000 | ---D | M] (Ipsos Panel Plus) -- C:\USERS\ALAN\APPDATA\LOCAL\IPSOS PANEL PLUS\TOOLBAR_FF
    [2012/03/15 20:33:30 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1PJ8M3AF.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2012/03/24 12:53:48 | 000,052,154 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1PJ8M3AF.DEFAULT\EXTENSIONS\GMAILTHIS@LAZYRUSSIAN.COM.XPI
    [2012/07/04 10:28:08 | 000,087,157 | ---- | M] () (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1PJ8M3AF.DEFAULT\EXTENSIONS\PRINTEDIT@DW-DEV.XPI
    [2012/06/16 11:14:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/16 11:14:00 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/06/16 11:14:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/16 11:14:00 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/16 11:14:00 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/06/15 10:50:00 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/06/16 11:14:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/06/16 11:14:00 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/07/04 11:40:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120703202601.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120703202601.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKCU..\Run: [NextSTART] C:\Program Files (x86)\Winstep\nextstart.exe (Winstep Software Technologies)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [Workshelf] C:\Program Files (x86)\Winstep\workshelf.exe (Winstep Software Technologies)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Alan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
  16. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Part 2..

    ()
    O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Alan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7656D45F-1F58-478B-8574-9DE899BF6757}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7656D45F-1F58-478B-8574-9DE899BF6757}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76998984-8385-479B-8628-CC8DE8FA38B4}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{829DE177-0153-4889-B4F9-5F6C98028393}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/10 17:54:54 | 000,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/04/06 14:58:59 | 000,000,044 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (OODBS)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/04 18:41:27 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
    [2012/07/04 18:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/04 18:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/04 18:41:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/04 18:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/04 11:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/07/04 11:50:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/04 11:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/04 11:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/04 11:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/04 11:06:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/04 11:06:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/04 10:36:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/03 20:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSC
    [2012/07/03 03:01:30 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/02 18:15:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/01 17:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Esellerate
    [2012/07/01 17:22:12 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\GetRightToGo
    [2012/06/30 20:14:13 | 000,057,880 | ---- | C] (Outrider Systems, Inc.) -- C:\Windows\SysWow64\SPIN32.OCX
    [2012/06/30 20:14:10 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevXPCtl.ocx
    [2012/06/30 20:14:10 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevImLib.dll
    [2012/06/30 20:14:06 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevEin20.ocx
    [2012/06/30 20:14:03 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevCmd3.ocx
    [2012/06/30 20:14:01 | 000,115,712 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevClb20.ocx
    [2012/06/30 20:14:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\STDFTDE.DLL
    [2012/06/30 20:14:00 | 000,026,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CTL3D.dll
    [2012/06/30 20:14:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMDE.DLL
    [2012/06/30 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\WoS3
    [2012/06/30 18:10:36 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\WoS3
    [2012/06/29 16:29:28 | 000,000,000 | ---D | C] -- C:\Aerosoft
    [2012/06/29 13:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
    [2012/06/29 10:56:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
    [2012/06/25 21:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/06/25 21:43:41 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Google
    [2012/06/25 21:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/06/23 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Garmin
    [2012/06/23 21:40:06 | 000,000,000 | ---D | C] -- C:\Users\Alan\Documents\My Garmin
    [2012/06/23 21:39:51 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\GARMIN_Corp
    [2012/06/23 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\PACE Anti-Piracy
    [2012/06/23 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\PACE Anti-Piracy
    [2012/06/23 17:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
    [2012/06/23 17:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
    [2012/06/23 14:03:23 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Ipsos Panel Plus
    [2012/06/23 14:03:21 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ipsos Panel Plus
    [2012/06/23 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Ipsos Panel Plus
    [2012/06/22 22:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/06/22 22:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
    [2012/06/22 22:45:45 | 000,000,000 | ---D | C] -- C:\Users\Alan\Adobe Flash Builder 4.6
    [2012/06/22 22:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
    [2012/06/22 22:39:55 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
    [2012/06/22 22:39:55 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
    [2012/06/22 22:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
    [2012/06/22 22:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
    [2012/06/22 21:52:53 | 002,674,800 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Alan\Desktop\procexp.exe
    [2012/06/22 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/06/22 19:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
    [2012/06/22 19:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2012/06/22 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\IsolatedStorage
    [2012/06/22 16:59:26 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Better Explorer
    [2012/06/22 16:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Better Explorer
    [2012/06/22 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\VS Revo Group
    [2012/06/22 16:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2012/06/22 16:47:36 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
    [2012/06/22 16:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/06/21 17:22:13 | 000,839,096 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/06/21 17:22:12 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
    [2012/06/21 17:22:12 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/06/21 17:22:09 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/06/21 17:22:09 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/06/21 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/06/21 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/06/21 17:20:55 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2012/06/21 17:20:55 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2012/06/21 17:20:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012/06/21 17:20:49 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012/06/21 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/06/21 16:27:42 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
    [2012/06/21 16:27:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
    [2012/06/21 16:27:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
    [2012/06/21 16:27:28 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
    [2012/06/21 16:27:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
    [2012/06/21 16:27:28 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
    [2012/06/21 16:27:17 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
    [2012/06/21 16:27:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
    [2012/06/20 19:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/20 19:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/20 19:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/20 19:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/06/19 17:14:36 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Canon
    [2012/06/17 11:15:29 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Adobe Mini Bridge CS5
    [2012/06/16 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Macromedia
    [2012/06/16 10:33:11 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/06/16 10:33:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/06/16 10:33:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2012/06/16 10:33:02 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/06/16 10:33:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/06/15 18:43:40 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/06/15 18:43:38 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/06/15 18:43:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/06/15 18:43:35 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/06/15 18:43:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/06/15 18:43:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/06/15 18:43:32 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/06/15 18:43:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
    [2012/06/15 18:43:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
    [2012/06/15 18:43:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
    [2012/06/15 18:43:20 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/06/15 18:43:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/06/15 18:43:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/06/15 18:27:33 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\DAEMON Tools Pro
    [2012/06/15 18:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
    [2012/06/15 18:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
    [2012/06/15 18:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Ethernet Utility
    [2012/06/15 18:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros Communications Inc
    [2012/06/15 18:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    [2012/06/15 18:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
    [2012/06/15 18:20:25 | 000,169,584 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
    [2012/06/15 18:20:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
    [2012/06/15 18:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2012/06/15 18:18:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2012/06/15 18:17:43 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
    [2012/06/15 18:17:41 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2012/06/15 18:17:41 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
    [2012/06/15 18:17:41 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2012/06/15 18:17:41 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2012/06/15 18:17:41 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2012/06/15 18:17:41 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
    [2012/06/15 18:17:40 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
    [2012/06/15 18:17:40 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
    [2012/06/15 18:17:40 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
    [2012/06/15 18:17:40 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
    [2012/06/15 18:17:37 | 001,805,928 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
    [2012/06/15 18:17:37 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
    [2012/06/15 18:17:36 | 003,115,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
    [2012/06/15 18:17:35 | 002,428,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
    [2012/06/15 18:17:35 | 001,245,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
    [2012/06/15 18:17:34 | 001,560,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
    [2012/06/15 18:17:33 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
    [2012/06/15 18:17:33 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
    [2012/06/15 18:17:33 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
    [2012/06/15 18:17:33 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
    [2012/06/15 18:17:32 | 001,474,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
    [2012/06/15 18:17:32 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
    [2012/06/15 18:17:32 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
    [2012/06/15 18:17:32 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
    [2012/06/15 18:17:27 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
    [2012/06/15 18:17:27 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
    [2012/06/15 18:17:27 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
    [2012/06/15 18:17:27 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
    [2012/06/15 18:17:27 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
    [2012/06/15 18:17:26 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
    [2012/06/15 18:17:25 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
    [2012/06/15 18:17:25 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
    [2012/06/15 18:17:24 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
    [2012/06/15 18:17:24 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2012/06/15 18:17:22 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
    [2012/06/15 18:17:17 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
    [2012/06/15 18:17:16 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
    [2012/06/15 18:17:15 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
    [2012/06/15 18:17:15 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
    [2012/06/15 18:17:15 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
    [2012/06/15 18:17:14 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
    [2012/06/15 18:17:14 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
    [2012/06/15 18:17:14 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
    [2012/06/15 18:17:14 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
    [2012/06/15 18:17:14 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
    [2012/06/15 18:17:13 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
    [2012/06/15 18:17:13 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
    [2012/06/15 18:17:13 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
    [2012/06/15 18:17:12 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
    [2012/06/15 18:17:11 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
    [2012/06/15 18:17:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2012/06/15 18:17:06 | 001,698,408 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
    [2012/06/15 16:37:57 | 068,039,036 | ---- | C] (Intel Corporation ) -- C:\Users\Alan\ITDirector_Setup.exe
    [2012/06/15 13:05:51 | 000,000,000 | R--D | C] -- C:\Users\Alan\Dropbox
    [2012/06/15 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2012/06/15 13:02:07 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Dropbox
    [2012/04/05 10:50:01 | 000,082,048 | ---- | C] (VSO Software) -- C:\Users\Alan\AppData\Roaming\pcouffin.sys
    [1 C:\Users\Alan\AppData\Local\*.tmp files -> C:\Users\Alan\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/04 18:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/04 18:41:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 12:08:22 | 000,000,042 | ---- | M] () -- C:\Windows\oodjobd.INI
    [2012/07/04 11:58:11 | 000,023,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/04 11:58:11 | 000,023,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/04 11:50:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/04 11:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/04 11:50:21 | 000,224,047 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
    [2012/07/04 11:40:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/02 17:51:09 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/02 17:51:09 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/02 17:51:09 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/02 16:19:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2012/07/01 15:47:46 | 000,000,400 | ---- | M] () -- C:\Windows\SysNative\Wacom_Tablet.dat
    [2012/06/29 12:05:14 | 000,003,710 | ---- | M] () -- C:\Users\Alan\AppData\Local\slot1.mm1
    [2012/06/26 17:15:02 | 000,065,562 | ---- | M] () -- C:\Users\Public\Documents\NETGEAR_DGN2200.cfg
    [2012/06/26 16:41:41 | 000,001,189 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat
    [2012/06/23 17:46:52 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
    [2012/06/23 14:28:58 | 594,361,677 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/06/22 22:59:33 | 005,087,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/21 17:22:02 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
    [2012/06/21 17:22:02 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2012/06/21 17:22:02 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2012/06/21 17:22:02 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2012/06/21 17:22:01 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2012/06/21 17:20:42 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2012/06/21 17:20:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2012/06/21 17:20:42 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2012/06/21 17:20:41 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2012/06/21 17:20:41 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/06/21 16:48:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/06/21 16:48:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/06/15 18:25:49 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
    [2012/06/15 18:15:53 | 000,026,533 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
    [2012/06/15 13:03:04 | 000,001,047 | ---- | M] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/05 17:39:38 | 002,674,800 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Alan\Desktop\procexp.exe
    [1 C:\Users\Alan\AppData\Local\*.tmp files -> C:\Users\Alan\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/04 18:41:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/04 12:08:22 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
    [2012/07/04 11:08:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/04 11:08:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/04 11:08:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/04 11:08:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/04 11:08:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/30 20:14:01 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevXPCtl.dep
    [2012/06/30 20:14:01 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\sevEin20.dep
    [2012/06/30 20:14:00 | 000,093,696 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.oca
    [2012/06/30 20:14:00 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\sevClb20.dep
    [2012/06/30 20:14:00 | 000,000,549 | ---- | C] () -- C:\Windows\SysWow64\sevCmd3.dep
    [2012/06/26 17:15:01 | 000,065,562 | ---- | C] () -- C:\Users\Public\Documents\NETGEAR_DGN2200.cfg
    [2012/06/25 21:43:46 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/25 21:43:45 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/23 17:46:52 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
    [2012/06/23 14:28:58 | 594,361,677 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/23 12:21:11 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
    [2012/06/22 22:42:00 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    [2012/06/22 22:42:00 | 000,002,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    [2012/06/22 22:40:14 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
    [2012/06/22 22:37:24 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2012/06/22 19:24:54 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2012/06/15 18:22:14 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/06/15 18:22:14 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/06/15 18:22:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/06/15 18:22:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2012/06/15 18:15:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/06/15 18:15:39 | 000,026,533 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/06/15 17:19:44 | 000,003,710 | ---- | C] () -- C:\Users\Alan\AppData\Local\slot1.mm1
    [2012/06/15 14:14:30 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-bit.lnk
    [2012/06/15 13:03:04 | 000,001,047 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/05/11 17:02:05 | 000,789,050 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
    [2012/05/11 17:02:05 | 000,044,335 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
    [2012/05/09 19:06:48 | 000,215,644 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/04/05 10:50:41 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll
    [2012/04/05 10:50:01 | 000,093,696 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\ezpinst.exe
    [2012/04/05 10:50:01 | 000,007,176 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\pcouffin.cat
    [2012/04/05 10:50:01 | 000,001,167 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\pcouffin.inf
    [2012/03/24 18:59:30 | 000,000,319 | ---- | C] () -- C:\Windows\CODUO.ini
    [2012/03/24 18:55:52 | 000,000,709 | ---- | C] () -- C:\Windows\COD.INI
    [2012/03/21 17:59:58 | 000,000,080 | ---- | C] () -- C:\Users\Alan\AppData\Local\X-Plane Installer.prf
    [2012/03/17 18:41:55 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
    [2012/03/17 14:09:04 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/03/16 23:24:37 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/03/16 23:22:31 | 000,764,302 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/16 12:39:34 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\CleanMem.ini
    [2012/03/16 12:11:32 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
    [2012/03/16 10:59:05 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2012/03/15 20:51:51 | 000,000,008 | -H-- | C] () -- C:\Users\Alan\AppData\Local\L8457789110
    [2012/03/11 18:14:40 | 000,000,022 | -HS- | C] () -- C:\Users\Alan\AppData\Roaming\Sys2662.Config.Repository.bin
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/03/08 15:43:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2010/12/02 01:32:00 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 1297 bytes -> C:\ProgramData\Microsoft:vaur4TsubZronI4NZe2o
    @Alternate Data Stream - 1278 bytes -> C:\ProgramData\Microsoft:rsh3Cvck8UbK0oZH
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D0668210
    @Alternate Data Stream - 1120 bytes -> C:\ProgramData\Microsoft:MvnIZtLt4U1xueYgRltG5m

    < End of report >
  17. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    You didn't answer my question:

    =======================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      @Alternate Data Stream - 1297 bytes -> C:\ProgramData\Microsoft:vaur4TsubZronI4NZe2o
      @Alternate Data Stream - 1278 bytes -> C:\ProgramData\Microsoft:rsh3Cvck8UbK0oZH
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D0668210
      @Alternate Data Stream - 1120 bytes -> C:\ProgramData\Microsoft:MvnIZtLt4U1xueYgRltG5m
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    ===========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.
    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  18. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the OTL log...

    All processes killed
    ========== OTL ==========
    ADS C:\ProgramData\Microsoft:vaur4TsubZronI4NZe2o deleted successfully.
    ADS C:\ProgramData\Microsoft:rsh3Cvck8UbK0oZH deleted successfully.
    ADS C:\ProgramData\TEMP:D0668210 deleted successfully.
    ADS C:\ProgramData\Microsoft:MvnIZtLt4U1xueYgRltG5m deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alan
    ->Temp folder emptied: 367915 bytes
    ->Temporary Internet Files folder emptied: 35038089 bytes
    ->Java cache emptied: 52116 bytes
    ->FireFox cache emptied: 204869673 bytes
    ->Flash cache emptied: 63230 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56478 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 119357895 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 106304 bytes
    RecycleBin emptied: 456 bytes

    Total Files Cleaned = 343.00 mb


    [EMPTYJAVA]

    User: Alan
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Alan
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07052012_162900

    Files\Folders moved on Reboot...
    C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{BEADC72B-7639-4C79-AC04-251F112E6A28}.tmp moved successfully.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\Alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{BEADC72B-7639-4C79-AC04-251F112E6A28}.tmp not found!
    [2009/10/07 02:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
    [2009/10/07 02:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

    Registry entries deleted on Reboot...
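A cross-check of the fix log above against the ADS entries the scan reported, as an added example that is not part of the thread and not OTL's own code. The function names are made up for illustration, the sample lines are copied from the two logs in this thread, and any stream without a matching "deleted successfully." line is treated as unconfirmed (an assumption, since the thread shows no failure wording).

```python
import re

# Scan report:  @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D0668210
SCAN_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# Fix log:      ADS C:\ProgramData\TEMP:D0668210 deleted successfully.
FIX_OK_RE = re.compile(r"^ADS (.+) deleted successfully\.$")

# Sample input copied from the two logs in this thread.
SCAN_LOG = r"""
@Alternate Data Stream - 1297 bytes -> C:\ProgramData\Microsoft:vaur4TsubZronI4NZe2o
@Alternate Data Stream - 1278 bytes -> C:\ProgramData\Microsoft:rsh3Cvck8UbK0oZH
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 1120 bytes -> C:\ProgramData\Microsoft:MvnIZtLt4U1xueYgRltG5m
"""
FIX_LOG = r"""
========== OTL ==========
ADS C:\ProgramData\Microsoft:vaur4TsubZronI4NZe2o deleted successfully.
ADS C:\ProgramData\Microsoft:rsh3Cvck8UbK0oZH deleted successfully.
ADS C:\ProgramData\TEMP:D0668210 deleted successfully.
ADS C:\ProgramData\Microsoft:MvnIZtLt4U1xueYgRltG5m deleted successfully.
========== COMMANDS ==========
"""


def split_ads(target):
    """Split 'path:stream' into (host path, stream name)."""
    if target.upper().endswith(":$DATA"):       # optional stream-type suffix
        target = target[:-len(":$DATA")]
    host, sep, stream = target.rpartition(":")
    # The drive-letter colon is not a stream separator: a stream name cannot
    # contain a backslash, and the host must be longer than a bare drive letter.
    if not sep or not stream or "\\" in stream or len(host) < 3:
        raise ValueError("no alternate data stream in %r" % target)
    return host, stream


def _key(target):
    """NTFS names are case-insensitive, so compare lower-cased."""
    host, stream = split_ads(target)
    return host.lower(), stream.lower()


def parse_scan(text):
    """Return {key: (host, stream, size_bytes)} for every reported stream."""
    found = {}
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            host, stream = split_ads(m.group(2))
            found[_key(m.group(2))] = (host, stream, int(m.group(1)))
    return found


def unconfirmed(scan_text, fix_text):
    """Streams the scan reported that the fix log does not confirm as deleted."""
    done = {_key(m.group(1)) for m in
            (FIX_OK_RE.match(l.strip()) for l in fix_text.splitlines()) if m}
    return [f"{h}:{s}" for k, (h, s, _) in parse_scan(scan_text).items()
            if k not in done]
```

An empty list from `unconfirmed(SCAN_LOG, FIX_LOG)` means every stream the scan listed has a matching deletion line; a fresh scan is still the authoritative check that nothing was recreated.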
  19. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Security check log...

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee AntiVirus Plus
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-GB..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  20. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    FSS log...

    Farbar Service Scanner Version: 02-07-2012
    Ran by Alan (administrator) on 05-07-2012 at 16:39:24
    Running from "C:\Users\Alan\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  21. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    ...and here is the ESET log...

    E:\LU3\rld-wos3.iso a variant of Win32/Packed.VMProtect.AAD trojan deleted (after the next restart) - quarantined
    I:\GoodSync\Applications\Family Tree Maker 2009-ISO\Family Tree Maker 2012 Essentials - KeyGen.rar MSIL/Hoax.FakeKG.A application deleted - quarantined
    I:\GoodSync\EBooks\Kindle eBooks Collection feb. 2011.zip a variant of Win32/BHO.OEG trojan deleted - quarantined
    I:\GoodSync\EBooks\over 10000 Ebooks collection mar. 2012 by JOHN\Ebook collection january 2012\Ebook collection january 2012\FreeArc-0.666-win32.exe a variant of Win32/BHO.OEG trojan deleted - quarantined
    I:\System Volume Information\_restore{08DCE0D4-9BAF-41A5-B2C0-E0D26A6AF890}\RP39\A0003556.exe a variant of MSIL/Agent.NCF trojan cleaned by deleting - quarantined
    I:\System Volume Information\_restore{08DCE0D4-9BAF-41A5-B2C0-E0D26A6AF890}\RP50\A0004484.exe a variant of MSIL/Agent.NCF trojan cleaned by deleting - quarantined
  22. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  23. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    So far computer is working fine, here is the OTL log...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alan
    ->Temp folder emptied: 236230 bytes
    ->Temporary Internet Files folder emptied: 36341 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 68901857 bytes
    ->Flash cache emptied: 1066 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 119361720 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34759 bytes
    RecycleBin emptied: 3746458 bytes

    Total Files Cleaned = 183.00 mb


    [EMPTYFLASH]

    User: Alan
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Alan
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07062012_153648

    Files\Folders moved on Reboot...
    C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\logishrd\LVPrcInj01.dll not found!
    File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

    PendingFileRenameOperations files...
    File C:\Users\Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Windows\temp\logishrd\LVPrcInj01.dll not found!
    File C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 46,728   +254

    Yes!!
    Good luck and stay safe :)
  25. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Just wanted to say thanks for your help; system running fine now, and thanks for the tips. :)

