Solved Infected by Sirefef.AB Sirefef.W and Sirefef Virus - cannot begin removal process

[guitar1969]

Hello: I have been battling this virus for a few days now, and not sure what to do. Running Microsoft Security Esentials, Malwarebytes, TDSSKiller, etc but no luck - MSE will find the vitruses and supposedly removes them but It keeps coming back. I could not find any strange processes running in Task Manager. Its knocked out my firewall -cannot start service. At this point every few minutes or so, I keep getting a crash message - "Windows Has Encountered a Critical Problem and will restart automatically in a minute. Please save your work" and then my system reboots.

Problem is I cannot complete the First 5 steps TechSpot is requesting (Logs) to get help. It errors out every few minutes whether I am in normal mode, Safe Mode with Networking, and even Safe Mode Command Prompt.

I appreciate any help you can provide, but not sure where to start.

thanks,
Michael

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

What Windows version is it?

 

[guitar1969]

Sorry - Its Windows 7 Profeassional - 64 bit. I was able to run Farbar Recover Scan Tool off the USB since it didn't require booting to the C drive and it looks like that is a good starting point. Here is the Log:

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 14-08-2012 17:21:03
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickBooksDB21] C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_MJHDESKTOP_21 -qs -gd ALL -gk all -gp 4096 -gu all -ch 256M -c 128M -x tcpip(BroadcastListener=NO;port=55343) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y [6642 2012-08-14] ()
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Classic .NET AppPool\...\Run: [HPADVISOR] [x]
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [HPADVISOR] [x]
HKU\DefaultAppPool\...\Run: [HPADVISOR] [x]
HKU\MichaelH\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\MichaelH\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-04-12] (Google Inc.)
HKU\MichaelH\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\MichaelH\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\MichaelH\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
==================== Services (Whitelisted) ======
4 ACT! Scheduler; "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe" [81920 2009-08-24] (Sage Software, Inc.)
4 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)
4 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)
2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2011-01-26] (Microsoft Corporation)
4 GladFileMonSvc; "C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe" [29552 2012-03-15] (Gladinet, INC)
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-12] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-12] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
4 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2009-08-14] (Alcatel-Lucent)
4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSMQ; C:\Windows\System32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
2 MSSQL$ACT7; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 [29261152 2011-03-17] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29261152 2011-03-17] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [275752 2008-01-22] (Nero AG)
4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [142424 2009-09-10] (Nuance Communications, Inc.)
4 QuickBooksDB21; C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB21 [679936 2010-04-27] (Intuit, Inc.)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 AX88772; C:\Windows\System32\Drivers\AX88772.sys [73216 2009-06-10] (ASIX Electronics Corp.)
3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2011-04-25] (Citrix Systems, Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-01-11] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-01-11] (LogMeIn, Inc.)
3 MQAC; C:\Windows\System32\Drivers\MQAC.sys [189440 2009-07-13] (Microsoft Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339744 2009-07-31] (NVIDIA Corporation)
3 radpms; C:\Windows\System32\Drivers\radpms.sys [14944 2011-01-11] (LogMeIn, Inc.)
3 ZMGHPAudioSrv; C:\Windows\System32\drivers\zmghpau.sys [47616 2010-04-16] (ZOOM)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-14 17:20 - 2012-08-14 17:21 - 00000000 ____D C:\FRST
2012-08-14 16:04 - 2012-08-14 16:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B19C9BED4F6A6F2
2012-08-14 16:04 - 2012-08-14 16:04 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pgmzcjmp.sys
2012-08-14 15:55 - 2012-08-14 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34C1CD250D31E74E
2012-08-14 15:20 - 2012-08-14 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A702D4890DC61F29
2012-08-14 15:15 - 2012-08-14 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD4BC52665E6A4EB
2012-08-14 15:11 - 2012-08-14 15:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.127787D1D68F72FF
2012-08-14 15:03 - 2012-08-14 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A1C369FE083CABF
2012-08-14 14:33 - 2012-08-14 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3A511A3B15439D5
2012-08-14 14:07 - 2012-08-14 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66C22FBAAA4F16D9
2012-08-14 13:59 - 2012-08-14 13:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172BEC2B3684BA16
2012-08-14 13:49 - 2012-08-14 16:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-14 13:49 - 2012-08-14 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-14 11:17 - 2012-08-14 11:17 - 00000127 ____A C:\Users\MichaelH\Desktop\The Medano Beach Club Cabo - Cabo San Lucas, Baja, Mexico.url
2012-08-13 17:01 - 2012-08-13 17:01 - 00000173 ____A C:\Users\MichaelH\Desktop\How to Install Windows 7 Without the Disc PCWorld.url
2012-08-13 15:59 - 2012-08-13 15:59 - 00000000 ____D C:\Users\MichaelH\AppData\Local\Hewlett-Packard_Company
2012-08-13 14:37 - 2012-08-13 14:37 - 00033717 ____A C:\ComboFix.txt
2012-08-13 14:00 - 2012-08-13 14:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D120627AB4C7843
2012-08-13 13:54 - 2012-08-13 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.270A0E90EE7CBDD8
2012-08-13 13:49 - 2012-08-13 13:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7F4740C933F5E2E
2012-08-13 13:44 - 2012-08-13 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3BA7E26C6493D08
2012-08-13 13:38 - 2012-08-13 13:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66FF89CB21A6F11F
2012-08-13 13:33 - 2012-08-13 13:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5ECD976F4188BA4C
2012-08-13 13:22 - 2012-08-13 13:22 - 00000000 ____D C:\found.000
2012-08-13 13:07 - 2012-08-13 13:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A473E812725399C
2012-08-13 11:35 - 2012-08-13 11:35 - 19132512 ____A (SUPERAntiSpyware.com) C:\Users\MichaelH\Desktop\SUPERAntiSpyware.exe
2012-08-10 16:59 - 2012-08-10 16:59 - 00000160 ____A C:\Users\MichaelH\Desktop\BuySpry.url
2012-08-02 16:48 - 2012-08-02 16:48 - 00000051 ____A C:\Users\MichaelH\Desktop\TegraZone - Download The Best Android Games For Your Tegra Device.URL
2012-07-31 11:19 - 2012-08-01 12:29 - 00000211 ____A C:\Users\MichaelH\Desktop\Asus Transformer TF700 - xda-developers.url
2012-07-30 11:03 - 2012-08-02 13:51 - 00000000 ____D C:\Users\MichaelH\Documents\Calibre Library
2012-07-30 11:03 - 2012-08-02 13:11 - 00000000 ____D C:\Users\MichaelH\AppData\Roaming\calibre
2012-07-30 11:03 - 2012-07-30 11:03 - 00000962 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-30 11:02 - 2012-07-30 11:11 - 00000000 ____D C:\Program Files (x86)\Calibre2
2012-07-30 10:55 - 2012-07-30 10:55 - 00000000 ____D C:\Users\MichaelH\Documents\ePub DRM Removal
2012-07-30 10:55 - 2012-07-30 10:55 - 00000000 ____D C:\Users\MichaelH\AppData\Roaming\eBookConverter
2012-07-30 10:54 - 2012-07-30 10:56 - 00000000 ____D C:\Program Files (x86)\eBookConverter
2012-07-30 09:44 - 2012-07-30 10:10 - 00000000 ____D C:\Users\MichaelH\Documents\My Digital Editions
2012-07-30 09:21 - 2012-07-30 09:21 - 00001023 ____A C:\Users\Public\Desktop\Kobo.lnk
2012-07-30 09:21 - 2012-07-30 09:21 - 00000000 ____D C:\Users\MichaelH\AppData\Local\Kobo
2012-07-30 09:19 - 2012-07-30 09:27 - 00000000 ____D C:\Windows\tmp
2012-07-30 09:19 - 2012-07-30 09:21 - 00000000 ____D C:\Program Files (x86)\Kobo
2012-07-18 16:41 - 2012-08-06 14:04 - 00001080 ____A C:\Users\MichaelH\Documents\gpfax.adr
2012-07-18 16:41 - 2012-07-30 15:15 - 00000016 ____A C:\Users\MichaelH\Documents\gpfax.idx
============ 3 Months Modified Files ========================
2012-08-14 16:04 - 2012-08-14 16:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B19C9BED4F6A6F2
2012-08-14 16:04 - 2012-08-14 16:04 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pgmzcjmp.sys
2012-08-14 16:03 - 2011-01-13 12:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-14 16:01 - 2011-04-12 09:05 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-14 16:00 - 2011-04-13 13:29 - 00032988 ____A C:\Windows\setupact.log
2012-08-14 16:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 15:55 - 2012-08-14 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34C1CD250D31E74E
2012-08-14 15:50 - 2011-04-12 09:05 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-14 15:50 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-14 15:42 - 2009-10-09 22:39 - 01334495 ____A C:\Windows\WindowsUpdate.log
2012-08-14 15:20 - 2012-08-14 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A702D4890DC61F29
2012-08-14 15:15 - 2012-08-14 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD4BC52665E6A4EB
2012-08-14 15:13 - 2011-04-21 11:04 - 00062484 ____A C:\Windows\PFRO.log
2012-08-14 15:11 - 2012-08-14 15:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.127787D1D68F72FF
2012-08-14 15:03 - 2012-08-14 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A1C369FE083CABF
2012-08-14 14:34 - 2012-03-09 15:19 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902566424-2048678736-4064907230-1000UA.job
2012-08-14 14:33 - 2012-08-14 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3A511A3B15439D5
2012-08-14 14:07 - 2012-08-14 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66C22FBAAA4F16D9
2012-08-14 13:59 - 2012-08-14 13:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.172BEC2B3684BA16
2012-08-14 13:50 - 2009-11-05 11:28 - 01245092 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-14 13:37 - 2009-07-13 21:13 - 01229180 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-14 13:34 - 2012-03-09 15:19 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902566424-2048678736-4064907230-1000Core.job
2012-08-14 13:09 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 13:09 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-14 12:59 - 2009-11-04 16:07 - 00000059 ____A C:\APPTWN.LOG
2012-08-14 11:40 - 2010-02-09 11:24 - 00000358 _RASH C:\Users\All Users\ntuser.pol
2012-08-14 11:17 - 2012-08-14 11:17 - 00000127 ____A C:\Users\MichaelH\Desktop\The Medano Beach Club Cabo - Cabo San Lucas, Baja, Mexico.url
2012-08-13 19:35 - 2012-03-09 15:20 - 00002474 ____A C:\Users\MichaelH\Desktop\Google Chrome.lnk
2012-08-13 17:01 - 2012-08-13 17:01 - 00000173 ____A C:\Users\MichaelH\Desktop\How to Install Windows 7 Without the Disc PCWorld.url
2012-08-13 14:37 - 2012-08-13 14:37 - 00033717 ____A C:\ComboFix.txt
2012-08-13 14:29 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-13 14:00 - 2012-08-13 14:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D120627AB4C7843
2012-08-13 13:54 - 2012-08-13 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.270A0E90EE7CBDD8
2012-08-13 13:49 - 2012-08-13 13:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7F4740C933F5E2E
2012-08-13 13:44 - 2012-08-13 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3BA7E26C6493D08
2012-08-13 13:38 - 2012-08-13 13:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66FF89CB21A6F11F
2012-08-13 13:33 - 2012-08-13 13:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5ECD976F4188BA4C
2012-08-13 13:07 - 2012-08-13 13:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A473E812725399C
2012-08-13 12:45 - 2010-01-05 13:05 - 00000437 ____A C:\Windows\Spell.cfg
2012-08-13 11:35 - 2012-08-13 11:35 - 19132512 ____A (SUPERAntiSpyware.com) C:\Users\MichaelH\Desktop\SUPERAntiSpyware.exe
2012-08-13 09:44 - 2012-01-06 16:40 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 16:22 - 2011-01-20 10:38 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForMichaelH.job
2012-08-10 16:59 - 2012-08-10 16:59 - 00000160 ____A C:\Users\MichaelH\Desktop\BuySpry.url
2012-08-06 14:04 - 2012-07-18 16:41 - 00001080 ____A C:\Users\MichaelH\Documents\gpfax.adr
2012-08-02 16:48 - 2012-08-02 16:48 - 00000051 ____A C:\Users\MichaelH\Desktop\TegraZone - Download The Best Android Games For Your Tegra Device.URL
2012-08-02 14:32 - 2012-04-23 15:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 14:32 - 2011-06-27 08:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-01 12:29 - 2012-07-31 11:19 - 00000211 ____A C:\Users\MichaelH\Desktop\Asus Transformer TF700 - xda-developers.url
2012-07-31 09:18 - 2009-11-04 16:16 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-07-30 15:15 - 2012-07-18 16:41 - 00000016 ____A C:\Users\MichaelH\Documents\gpfax.idx
2012-07-30 11:03 - 2012-07-30 11:03 - 00000962 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-30 09:21 - 2012-07-30 09:21 - 00001023 ____A C:\Users\Public\Desktop\Kobo.lnk
2012-07-30 09:20 - 2011-04-14 16:21 - 00076094 ____A C:\Windows\DPINST.LOG
2012-07-19 14:29 - 2012-05-31 14:46 - 00034304 ____A C:\Users\MichaelH\Desktop\Kyle Chelsea Statement Fall 2012.xls
2012-07-13 15:45 - 2012-07-13 15:45 - 00000951 ____A C:\Users\Public\Desktop\TuxGuitar.lnk
2012-07-13 15:41 - 2012-07-13 15:41 - 00002937 ____A C:\Users\MichaelH\Desktop\3nps.ptb
2012-07-13 15:39 - 2012-07-13 15:39 - 00002937 ____A C:\Users\MichaelH\Desktop\3nps.htm
2012-07-13 13:48 - 2012-07-13 13:48 - 00000165 ____A C:\Users\MichaelH\Desktop\Ovation Online Demo.url
2012-07-13 12:45 - 2009-12-22 11:11 - 00000617 ____A C:\Windows\System32\NTS5CSET.INI
2012-07-13 12:31 - 2012-07-13 12:30 - 00000238 ____A C:\Users\MichaelH\Desktop\Amazon Appstore Free App of the Day.url
2012-07-12 13:17 - 2011-08-01 16:13 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-12 13:17 - 2011-08-01 16:13 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-12 13:17 - 2011-08-01 16:13 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-11 16:18 - 2012-07-11 16:18 - 00002217 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-07-06 09:24 - 2012-07-06 09:24 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 12:46 - 2012-01-06 16:40 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 16:58 - 2012-07-02 16:58 - 00001493 ____A C:\Users\MichaelH\.recently-used.xbel
2012-06-22 16:03 - 2012-06-22 16:03 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-06-22 16:03 - 2012-06-22 16:03 - 00000859 ____A C:\Windows\LkmdfCoInst.log
2012-06-22 16:03 - 2012-06-22 16:02 - 00009642 ____A C:\Windows\LDPINST.LOG
2012-06-21 15:03 - 2012-06-11 16:12 - 00000207 ____A C:\Users\MichaelH\Desktop\Hillsong United Pedal - The Gear Page.url
2012-06-21 15:01 - 2012-06-12 17:13 - 00000240 ____A C:\Users\MichaelH\Desktop\Eno-Lanois Shimmer Sound How it is made « The Halls of Valhalla.url
2012-06-18 18:08 - 2012-04-06 15:19 - 00001032 ____A C:\Users\MichaelH\Desktop\Dropbox.lnk
2012-06-15 16:14 - 2012-06-12 17:17 - 00000206 ____A C:\Users\MichaelH\Desktop\Zoom G3 Shimmer, with explanation and lesson Tutorial - YouTube.url
2012-06-14 17:38 - 2012-06-13 15:32 - 00000218 ____A C:\Users\MichaelH\Desktop\guitarpraise POD Patches.url
2012-06-14 14:41 - 2012-06-14 14:41 - 00000139 ____A C:\Users\MichaelH\Desktop\FareViewer.url
2012-06-12 16:51 - 2012-06-12 16:51 - 00000127 ____A C:\Users\MichaelH\Desktop\AshBass Zoom G3 and G5 Mods and Information.url
2012-06-12 15:56 - 2012-06-12 15:56 - 00000032 ____A C:\Windows\GearBox.ini
2012-06-12 15:30 - 2012-06-12 15:30 - 00922400 ____A (Sun Microsystems, Inc.) C:\Users\MichaelH\Desktop\jre_setup.exe
2012-06-11 15:17 - 2012-06-08 16:48 - 00000216 ____A C:\Users\MichaelH\Desktop\Zoom G5 first thoughts - Page 19 - The Gear Page.url
2012-06-08 13:34 - 2012-06-08 13:34 - 00002078 ____A C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
2012-06-06 10:37 - 2010-02-15 09:55 - 00000000 ____A C:\Users\MichaelH\Documents\Nuance Image Printer Writer Port
2012-06-05 15:17 - 2012-06-05 14:45 - 00000216 ____A C:\Users\MichaelH\Desktop\Zoom G5 first thoughts - Page 17 - The Gear Page.url
2012-06-05 14:49 - 2012-06-05 14:49 - 00000137 ____A C:\Users\MichaelH\Desktop\The Praise and Worship Forum.url
2012-06-05 11:19 - 2012-06-05 11:19 - 00048128 ____A C:\Users\MichaelH\Desktop\Chelsea SC B99 Blue 2012-2013 Season Roster with Kyle H info inserted..xls
2012-06-02 14:19 - 2012-06-18 15:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 15:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 15:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 15:48 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 15:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-18 15:48 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 15:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 15:48 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 15:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 12:53 - 2012-06-01 12:53 - 00000936 ____A C:\Users\MichaelH\Desktop\Evernote.lnk
2012-05-31 17:02 - 2012-03-16 10:05 - 00034304 ____A C:\Users\MichaelH\Desktop\Expenses - Jan - Ongoing 2012.xls
2012-05-29 15:41 - 2012-05-29 15:40 - 00293776 ____A C:\Windows\Minidump\052912-23197-01.dmp
2012-05-29 15:40 - 2012-05-29 13:05 - 480150924 ____A C:\Windows\MEMORY.DMP
2012-05-29 15:37 - 2012-05-29 15:37 - 00293776 ____A C:\Windows\Minidump\052912-36925-01.dmp
2012-05-29 15:24 - 2012-05-29 15:24 - 00293776 ____A C:\Windows\Minidump\052912-25677-01.dmp
2012-05-29 15:12 - 2012-05-29 15:12 - 00293776 ____A C:\Windows\Minidump\052912-38891-01.dmp
2012-05-29 14:54 - 2012-05-29 14:54 - 00336848 ____A C:\Windows\Minidump\052912-33165-01.dmp
2012-05-29 14:48 - 2012-05-29 14:48 - 00293776 ____A C:\Windows\Minidump\052912-28891-01.dmp
2012-05-29 13:13 - 2012-05-29 13:13 - 00293776 ____A C:\Windows\Minidump\052912-28641-01.dmp
2012-05-29 13:05 - 2012-05-29 13:05 - 00293776 ____A C:\Windows\Minidump\052912-32463-01.dmp
2012-05-29 10:56 - 2012-05-29 10:56 - 00293776 ____A C:\Windows\Minidump\052912-24258-01.dmp
2012-05-25 16:36 - 2012-05-25 16:36 - 02127448 ____A (Kaspersky Lab ZAO) C:\Users\MichaelH\Desktop\TDSSKiller.exe
2012-05-25 14:58 - 2012-05-25 14:58 - 00000185 ____A C:\Users\MichaelH\Desktop\Make Volume Swells A Part of Your Guitar Vibe Online Guitar Lessons.url
2012-05-24 05:59 - 2012-05-24 05:59 - 00043520 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusb0.dll
2012-05-24 05:59 - 2012-05-24 05:59 - 00037376 ____A (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2012-05-24 05:59 - 2012-05-24 05:59 - 00029184 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\Drivers\libusb0.sys
2012-05-24 05:59 - 2012-05-24 05:59 - 00021504 ____A (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys
2012-05-22 18:50 - 2012-05-22 18:50 - 00001120 ____A C:\Users\Public\Desktop\AoA Audio Extractor.lnk
2012-05-21 09:09 - 2011-08-01 16:13 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2012-05-21 09:09 - 2011-08-01 16:13 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll.000.bak
2012-05-17 15:34 - 2011-05-27 17:20 - 00001729 ____A C:\gammag.txt
2012-05-17 15:34 - 2011-05-27 17:20 - 00001728 ____A C:\gammar.txt
2012-05-17 15:34 - 2011-05-27 17:20 - 00001728 ____A C:\gammab.txt
2012-05-17 09:23 - 2009-11-06 11:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

ZeroAccess:
C:\Windows\Installer\{04417e74-57b3-e299-ec87-8a820c01d0ca}
C:\Windows\Installer\{04417e74-57b3-e299-ec87-8a820c01d0ca}\@
C:\Windows\Installer\{04417e74-57b3-e299-ec87-8a820c01d0ca}\n
C:\Windows\Installer\{04417e74-57b3-e299-ec87-8a820c01d0ca}\U
ZeroAccess:
C:\Users\MichaelH\AppData\Local\{04417e74-57b3-e299-ec87-8a820c01d0ca}
C:\Users\MichaelH\AppData\Local\{04417e74-57b3-e299-ec87-8a820c01d0ca}\@
C:\Users\MichaelH\AppData\Local\{04417e74-57b3-e299-ec87-8a820c01d0ca}\L
C:\Users\MichaelH\AppData\Local\{04417e74-57b3-e299-ec87-8a820c01d0ca}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 5887.23 MB
Available physical RAM: 5020.05 MB
Total Pagefile: 5885.38 MB
Available Pagefile: 5008.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (HP) (Fixed) (Total:584.06 GB) (Free:341.84 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:12.02 GB) (Free:2.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 483 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 584 GB 101 MB
Partition 3 Primary 12 GB 584 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 584 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 12 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 483 MB 118 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 483 MB Healthy
==================================================================================
Last Boot: 2012-08-06 23:09
======================= End Of Log ==========================

 

[Broni]

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

 

[guitar1969]

Here is the Services.exe log:

Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 18:38:22
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-14 15:50] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\ERDNT\cache64\services.exe
[2012-08-13 14:35] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======

not sure if this matters but I am running all these logs while not connected to the internet anymore.

Thanks,
Michael

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

Please post BOTH logs, rKill.txt and Combofix.txt.

 

[guitar1969]

Here are the logs:

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-15 11:24:38 Run:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\System32\services.exe.9B19C9BED4F6A6F2 moved successfully.
C:\Windows\System32\Drivers\pgmzcjmp.sys not found.
C:\Windows\System32\services.exe.34C1CD250D31E74E moved successfully.
C:\Windows\System32\services.exe.A702D4890DC61F29 moved successfully.
C:\Windows\System32\services.exe.FD4BC52665E6A4EB moved successfully.
C:\Windows\System32\services.exe.127787D1D68F72FF moved successfully.
C:\Windows\System32\services.exe.6A1C369FE083CABF moved successfully.
C:\Windows\System32\services.exe.F3A511A3B15439D5 moved successfully.
C:\Windows\System32\services.exe.66C22FBAAA4F16D9 moved successfully.
C:\Windows\System32\services.exe.172BEC2B3684BA16 moved successfully.
C:\Windows\System32\services.exe.1D120627AB4C7843 moved successfully.
C:\Windows\System32\services.exe.270A0E90EE7CBDD8 moved successfully.
C:\Windows\System32\services.exe.C7F4740C933F5E2E moved successfully.
C:\Windows\System32\services.exe.D3BA7E26C6493D08 moved successfully.
C:\Windows\System32\services.exe.66FF89CB21A6F11F moved successfully.
C:\Windows\System32\services.exe.5ECD976F4188BA4C moved successfully.
C:\Windows\System32\services.exe.0A473E812725399C moved successfully.
C:\Windows\Installer\{04417e74-57b3-e299-ec87-8a820c01d0ca} moved successfully.
C:\Users\MichaelH\AppData\Local\{04417e74-57b3-e299-ec87-8a820c01d0ca} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

ComboFix 12-08-13.01 - MichaelH 08/15/2012 11:34:08.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5887.4526 [GMT -7:00]
Running from: c:\users\MichaelH\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 18:45 . 2012-08-15 18:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-15 18:45 . 2012-08-15 18:45 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-15 18:45 . 2012-08-15 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 18:45 . 2012-08-15 18:45 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-15 01:20 . 2012-08-15 01:21 -------- d-----w- C:\FRST
2012-08-15 00:03 . 2012-08-15 00:03 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28B58A72-CB94-4354-8955-525872429F5F}\offreg.dll
2012-08-14 22:32 . 2012-08-15 00:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2012-08-14 21:54 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C80F7384-C1C4-4F3A-AE38-256013EC7A46}\gapaengine.dll
2012-08-14 21:54 . 2012-07-16 09:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28B58A72-CB94-4354-8955-525872429F5F}\mpengine.dll
2012-08-14 21:49 . 2012-08-15 00:03 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-14 21:49 . 2012-08-15 00:03 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-13 23:59 . 2012-08-13 23:59 -------- d-----w- c:\users\MichaelH\AppData\Local\Hewlett-Packard_Company
2012-08-13 21:22 . 2012-08-13 21:22 -------- d-----w- C:\found.000
2012-07-30 19:03 . 2012-08-02 21:11 -------- d-----w- c:\users\MichaelH\AppData\Roaming\calibre
2012-07-30 19:02 . 2012-07-30 19:11 -------- d-----w- c:\program files (x86)\Calibre2
2012-07-30 18:55 . 2012-07-30 18:55 -------- d-----w- c:\users\MichaelH\AppData\Roaming\eBookConverter
2012-07-30 18:54 . 2012-07-30 18:56 -------- d-----w- c:\program files (x86)\eBookConverter
2012-07-30 17:21 . 2012-07-30 17:21 -------- d-----w- c:\users\MichaelH\AppData\Local\Kobo
2012-07-30 17:19 . 2012-07-30 17:27 -------- d-----w- c:\windows\tmp
2012-07-30 17:19 . 2012-07-30 17:21 -------- d-----w- c:\program files (x86)\Kobo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 18:53 . 2011-04-15 21:45 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-08-02 22:32 . 2012-04-23 23:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:32 . 2011-06-27 16:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 21:17 . 2011-08-02 00:13 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 21:17 . 2011-08-02 00:13 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-12 21:17 . 2011-08-02 00:13 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 20:46 . 2012-01-07 00:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 00:03 . 2012-06-23 00:03 53248 ----a-r- c:\users\MichaelH\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-06-23 00:03 . 2012-06-23 00:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-02 22:19 . 2012-06-18 23:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 23:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-18 23:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 23:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 23:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-18 23:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-18 23:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-18 23:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-18 23:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-24 13:59 . 2012-05-24 13:59 43520 ----a-w- c:\windows\system32\libusb0.dll
2012-05-24 13:59 . 2012-05-24 13:59 37376 ----a-w- c:\windows\SysWow64\libusb0.dll
2012-05-24 13:59 . 2012-05-24 13:59 29184 ----a-w- c:\windows\system32\drivers\libusb0.sys
2012-05-24 13:59 . 2012-05-24 13:59 21504 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
2012-05-21 17:09 . 2011-08-02 00:13 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-21 17:09 . 2011-08-02 00:13 80768 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2008-08-06 07:17 . 2009-11-11 00:50 466944 ----a-w- c:\program files (x86)\StickyNotes.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fac55604-21f0-4f11-9d36-f75351597812}"= "c:\program files (x86)\www.roadrunner.com\prxtbwww0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fac55604-21f0-4f11-9d36-f75351597812}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ------w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fac55604-21f0-4f11-9d36-f75351597812}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\www.roadrunner.com\prxtbwww0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{fac55604-21f0-4f11-9d36-f75351597812}"= "c:\program files (x86)\www.roadrunner.com\prxtbwww0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{fac55604-21f0-4f11-9d36-f75351597812}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-04-23 22:31 208096 ----a-w- c:\users\MichaelH\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-04-23 22:31 208096 ----a-w- c:\users\MichaelH\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-04-23 22:31 208096 ----a-w- c:\users\MichaelH\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2012-03-15 18:17 210800 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2012-03-15 18:20 194416 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickBooksDB21"="c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe" [2010-04-28 679936]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-09 160328]
.
c:\users\MichaelH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MichaelH\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-11-29 1159168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 135664]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2011-03-18 29261152]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 460864]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 49728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-04-16 47616]
R4 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-08-24 81920]
R4 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R4 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [2012-03-15 29552]
R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
R4 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-09-10 142424]
R4 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
R4 QuickBooksDB21;QuickBooksDB21;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2010-04-28 679936]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-12 15928]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2011-01-12 14944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 22:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 17:05]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 17:05]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902566424-2048678736-4064907230-1000Core.job
- c:\users\MichaelH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 23:19]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902566424-2048678736-4064907230-1000UA.job
- c:\users\MichaelH\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 23:19]
.
2012-08-12 c:\windows\Tasks\HPCeeScheduleForMichaelH.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-04-23 22:31 232672 ----a-w- c:\users\MichaelH\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-04-23 22:31 232672 ----a-w- c:\users\MichaelH\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-04-23 22:31 232672 ----a-w- c:\users\MichaelH\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\MichaelH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2012-03-15 18:17 226160 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2012-03-15 18:20 195440 ----a-w- c:\program files (x86)\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-12 57928]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local;localhost
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: line6.net
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {EFDC8FA8-3A43-40AC-BBF4-DCE3B6F7B760} - hxxps://electronicdeposit.usbank.com/SimplyDeposit/V11/SCM/RDM/RDMDownloadAgent/20043/RDMDownloadAgent.CAB
FF - ProfilePath - c:\users\MichaelH\AppData\Roaming\Mozilla\Firefox\Profiles\4mhlk0pp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=18826&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
WebBrowser-{E4878B45-E2C0-4307-B6E8-734922F92F5B} - (no file)
WebBrowser-{FAC55604-21F0-4F11-9D36-F75351597812} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-AgencyPro for Windows - y:\apro\UNWISE.EXE
AddRemove-dBpoweramp AAC Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp AIFF Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Windows Media Audio 9 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-RDM Scanner Control Manager - c:\windows\system32\Uninstall_RDMDownloadAgent.EXE
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-08-15 12:01:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 19:01
ComboFix2.txt 2012-08-13 22:37
.
Pre-Run: 366,304,948,224 bytes free
Post-Run: 365,933,035,520 bytes free
.
- - End Of File - - 1684DD44A12DA42241C63C4441A6650F

 

[Broni]

Looks good

Any current issues?

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[guitar1969]

I am back up and running but am having some problems still with MSE and windows update in general . It won't update the virus definitions -fails. I looked into it and it sounds as though I am now having issues with windows update - its failing on updates (and there's alot of them). Looking into it, I seem to be missing Background Intelligent Transfer Service(BTIS). I ran system file checker(SFC) and it didn't find anything wrong. I think Microsofts solution is to do a system restore to fix it but I am afraid to.

 

[Broni]

NO!
For now reinstall MSE.

 

[guitar1969]

I already tried reinstalling already - no luck

 

[Broni]

That's fine for now.
We'll check services in a moment.

Go ahead with MBAM and OTL.

 

[guitar1969]

MBM Log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.13.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
MichaelH :: MJHDESKTOP [administrator]
8/15/2012 2:14:35 PM
mbam-log-2012-08-15 (14-14-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246986
Time elapsed: 5 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

 

[guitar1969]

OTL logfile created on: 8/15/2012 2:38:52 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\MichaelH\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 51.64% Memory free
11.50 Gb Paging File | 8.60 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.06 Gb Total Space | 340.10 Gb Free Space | 58.23% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 2.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 65.26 Gb Free Space | 21.89% Space Free | Partition Type: NTFS
Drive W: | 298.05 Gb Total Space | 214.41 Gb Free Space | 71.94% Space Free | Partition Type: NTFS
Drive X: | 686.93 Gb Total Space | 45.48 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
Drive Y: | 298.05 Gb Total Space | 214.41 Gb Free Space | 71.94% Space Free | Partition Type: NTFS

Computer Name: MJHDESKTOP | User Name: MichaelH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 14:17:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\MichaelH\Desktop\OTL.exe
PRC - [2012/08/11 02:50:14 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/06/13 16:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/05/29 15:45:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\MichaelH\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/04 14:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/10 02:26:08 | 001,316,128 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
PRC - [2009/09/10 01:53:10 | 000,027,736 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2009/09/10 01:48:50 | 000,113,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pplinks.exe
PRC - [2007/09/04 16:14:16 | 001,159,168 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/10 00:40:24 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Nuance\PaperPort\ssocrf.o32
MOD - [2007/06/26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2007/05/16 09:45:18 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SecurityManager.dll
MOD - [2007/05/16 09:45:18 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PolicyCommon.dll
MOD - [2006/10/12 16:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2005/07/08 12:36:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\f5bdkedr.dll
MOD - [2003/11/20 22:56:20 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIplW7.dll
MOD - [2003/11/20 22:56:16 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIpl.dll
MOD - [2003/04/21 15:19:42 | 000,856,064 | ---- | M] () -- C:\Windows\SSDriver\fi5110\fjiplW7.dll
MOD - [2003/04/21 15:19:40 | 000,020,480 | ---- | M] () -- C:\Windows\SSDriver\fi5110\fjipl.dll
MOD - [2003/03/26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
MOD - [1996/12/19 14:24:26 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\F5BDKAKU.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/01/26 04:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 05:24:50 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/07/17 06:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Disabled | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/07/30 14:54:37 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 14:17:33 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 14:17:24 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/29 15:45:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/15 11:24:36 | 000,029,552 | ---- | M] (Gladinet, INC) [Disabled | Stopped] -- C:\Program Files (x86)\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/04 14:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/06/30 13:25:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/01/11 19:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 04:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/28 00:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/10 01:42:44 | 000,142,424 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/08/24 13:22:27 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/21 04:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 14:17:25 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/09/01 23:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/04/04 15:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 19:04:00 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms)
DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/16 15:01:32 | 000,047,616 | ---- | M] (ZOOM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zmghpau.sys -- (ZMGHPAudioSrv)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/10/30 13:39:54 | 000,460,864 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV:64bit: - [2009/10/30 13:39:54 | 000,049,728 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM)
DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/10 03:18:08 | 000,073,216 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2011/01/11 19:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/08/14 06:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 06:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{1A70C952-4CEC-479F-A9BF-6F5407FD2909}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{1CA63869-AD1D-4C4D-8863-ABB267EBCEDB}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {fac55604-21f0-4f11-9d36-f75351597812} - C:\Program Files (x86)\www.roadrunner.com\prxtbwww0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{1A70C952-4CEC-479F-A9BF-6F5407FD2909}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{1CA63869-AD1D-4C4D-8863-ABB267EBCEDB}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.rr.com/?q={searchTerms}&cat=web&con=iesearchbox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\MichaelH\Documents\Downloaded Internet files
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\URLSearchHook: {fac55604-21f0-4f11-9d36-f75351597812} - C:\Program Files (x86)\www.roadrunner.com\prxtbwww0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\SearchScopes\{1A70C952-4CEC-479F-A9BF-6F5407FD2909}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_en
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1662155
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local;localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: BitTorrent_WebUI@firefox.alexisbrunet.com:0.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: xpirftoolbar@roboform.com:2.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.1
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:0.9
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=18826&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.1: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MichaelH\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MichaelH\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

 

[guitar1969]

I seem to be having issues getting the logs posted - forum keeps opening up a Post Reply window wanting me to attasch to previous post.

 

[guitar1969]

OTL continued 2:

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/03/09 16:49:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 14:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/29 18:25:05 | 000,000,000 | ---D | M]

[2010/06/10 14:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MichaelH\AppData\Roaming\Mozilla\Extensions
[2012/08/06 15:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MichaelH\AppData\Roaming\Mozilla\Firefox\Profiles\4mhlk0pp.default\extensions
[2012/01/06 16:22:09 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\MichaelH\AppData\Roaming\Mozilla\Firefox\Profiles\4mhlk0pp.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/07/10 11:51:47 | 000,000,000 | ---D | M] (www.roadrunner.com Community Toolbar) -- C:\Users\MichaelH\AppData\Roaming\Mozilla\Firefox\Profiles\4mhlk0pp.default\extensions\{fac55604-21f0-4f11-9d36-f75351597812}
[2012/06/19 16:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/10 11:29:19 | 000,006,796 | ---- | M] () (No name found) -- C:\USERS\MICHAELH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4MHLK0PP.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2012/07/23 11:14:58 | 000,698,987 | ---- | M] () (No name found) -- C:\USERS\MICHAELH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4MHLK0PP.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
[2012/07/30 14:54:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/06/09 17:00:16 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/19 16:17:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 16:17:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MichaelH\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MichaelH\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MichaelH\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\MichaelH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\MichaelH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RoboForm Lite = C:\Users\MichaelH\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj\3.2.0_0\
CHR - Extension: Gmail = C:\Users\MichaelH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/15 11:53:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (www.roadrunner.com Toolbar) - {fac55604-21f0-4f11-9d36-f75351597812} - C:\Program Files (x86)\www.roadrunner.com\prxtbwww0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFViewerPlus\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (www.roadrunner.com Toolbar) - {fac55604-21f0-4f11-9d36-f75351597812} - C:\Program Files (x86)\www.roadrunner.com\prxtbwww0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..\Toolbar\WebBrowser: (www.roadrunner.com Toolbar) - {FAC55604-21F0-4F11-9D36-F75351597812} - C:\Program Files (x86)\www.roadrunner.com\prxtbwww0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [QuickBooksDB21] C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\MichaelH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MichaelH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\MichaelH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: Arm-server ([]file in Local intranet)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: Athlonnas ([]file in Local intranet)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://usbdeposittraining.webex.com/client/WBXclient-T27L10NSP25-10481/event/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {EFDC8FA8-3A43-40AC-BBF4-DCE3B6F7B760} https://electronicdeposit.usbank.co...M/RDMDownloadAgent/20043/RDMDownloadAgent.CAB (CDownloadAgent Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B64AAB4B-7CEF-4D19-8876-73CE0DA17AB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE51B6AC-712B-4B6B-B0C9-5613D4AE7F91}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

[guitar1969]

OTL Log - 3 - Final
========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 14:16:55 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\MichaelH\Desktop\OTL.exe
[2012/08/15 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\Desktop\Reset RMC
[2012/08/15 12:01:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/15 11:54:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/15 11:31:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/15 11:31:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/15 11:31:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/15 11:31:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/15 11:30:36 | 004,733,169 | R--- | C] (Swearware) -- C:\Users\MichaelH\Desktop\ComboFix.exe
[2012/08/14 18:20:16 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/14 14:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/14 14:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/13 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\AppData\Local\Hewlett-Packard_Company
[2012/08/13 14:22:33 | 000,000,000 | ---D | C] -- C:\found.000
[2012/08/13 12:35:21 | 019,132,512 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\MichaelH\Desktop\SUPERAntiSpyware.exe
[2012/07/30 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\Documents\Calibre Library
[2012/07/30 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\AppData\Roaming\calibre
[2012/07/30 12:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2012/07/30 12:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012/07/30 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\Documents\ePub DRM Removal
[2012/07/30 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\AppData\Roaming\eBookConverter
[2012/07/30 11:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBookConverter
[2012/07/30 10:44:32 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\Documents\My Digital Editions
[2012/07/30 10:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/07/30 10:21:44 | 000,000,000 | ---D | C] -- C:\Users\MichaelH\AppData\Local\Kobo
[2012/07/30 10:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2012/07/30 10:19:59 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2012/07/30 10:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo
[2010/02/02 12:43:29 | 021,046,160 | ---- | C] (Sage Software ) -- C:\Users\MichaelH\AppData\Roaming\ACT1200HotFix_SS.exe
[2009/11/10 17:50:07 | 000,466,944 | ---- | C] (Author - Igor Vigdorchik) -- C:\Program Files (x86)\StickyNotes.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 14:34:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902566424-2048678736-4064907230-1000Core.job
[2012/08/15 14:34:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902566424-2048678736-4064907230-1000UA.job
[2012/08/15 14:28:13 | 000,000,194 | ---- | M] () -- C:\Users\MichaelH\Desktop\Quick Weight Loss Center's Diet - Page 3 - 3 Fat Chicks on a Diet Weight Loss Community General Diet Plans and Questions.url
[2012/08/15 14:17:17 | 000,000,217 | ---- | M] () -- C:\Users\MichaelH\Desktop\[Active] - Infected by Sirefef.AB Sirefef.W and Sirefef Virus - cannot begin removal process - TechSpot Forums.url
[2012/08/15 14:17:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\MichaelH\Desktop\OTL.exe
[2012/08/15 13:50:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 12:48:34 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 12:48:34 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 12:36:38 | 000,002,474 | ---- | M] () -- C:\Users\MichaelH\Desktop\Google Chrome.lnk
[2012/08/15 12:30:54 | 000,009,471 | ---- | M] () -- C:\Users\MichaelH\Desktop\ResetRmc.zip
[2012/08/15 12:29:35 | 001,245,312 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 12:29:35 | 000,982,214 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 12:29:35 | 000,241,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 12:14:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/15 12:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 12:13:19 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 12:07:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/15 11:54:00 | 000,000,358 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/15 11:53:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/14 14:50:07 | 001,245,092 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/14 12:17:05 | 000,000,127 | ---- | M] () -- C:\Users\MichaelH\Desktop\The Medano Beach Club Cabo - Cabo San Lucas, Baja, Mexico.url
[2012/08/13 18:01:22 | 000,000,173 | ---- | M] () -- C:\Users\MichaelH\Desktop\How to Install Windows 7 Without the Disc PCWorld.url
[2012/08/13 14:44:54 | 004,733,169 | R--- | M] (Swearware) -- C:\Users\MichaelH\Desktop\ComboFix.exe
[2012/08/13 13:45:55 | 000,000,437 | ---- | M] () -- C:\Windows\Spell.cfg
[2012/08/13 12:35:59 | 019,132,512 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\MichaelH\Desktop\SUPERAntiSpyware.exe
[2012/08/13 10:44:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/11 17:22:35 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichaelH.job
[2012/08/10 17:59:53 | 000,000,160 | ---- | M] () -- C:\Users\MichaelH\Desktop\BuySpry.url
[2012/08/06 15:04:40 | 000,001,080 | ---- | M] () -- C:\Users\MichaelH\Documents\gpfax.adr
[2012/08/03 10:32:18 | 000,056,446 | ---- | M] () -- C:\Users\MichaelH\Desktop\Amended AI.JPG
[2012/08/02 17:48:16 | 000,000,051 | ---- | M] () -- C:\Users\MichaelH\Desktop\TegraZone - Download The Best Android Games For Your Tegra Device.URL
[2012/08/01 13:29:31 | 000,000,211 | ---- | M] () -- C:\Users\MichaelH\Desktop\Asus Transformer TF700 - xda-developers.url
[2012/07/31 10:18:04 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/07/30 16:15:52 | 000,000,016 | ---- | M] () -- C:\Users\MichaelH\Documents\gpfax.idx
[2012/07/30 12:03:17 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/07/30 10:21:01 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012/07/18 16:19:00 | 000,071,109 | ---- | M] () -- C:\Users\MichaelH\Desktop\Canon copier router setting removed 7 18 12.JPG
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/15 14:28:13 | 000,000,194 | ---- | C] () -- C:\Users\MichaelH\Desktop\Quick Weight Loss Center's Diet - Page 3 - 3 Fat Chicks on a Diet Weight Loss Community General Diet Plans and Questions.url
[2012/08/15 14:17:17 | 000,000,217 | ---- | C] () -- C:\Users\MichaelH\Desktop\[Active] - Infected by Sirefef.AB Sirefef.W and Sirefef Virus - cannot begin removal process - TechSpot Forums.url
[2012/08/15 12:30:54 | 000,009,471 | ---- | C] () -- C:\Users\MichaelH\Desktop\ResetRmc.zip
[2012/08/15 11:31:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/15 11:31:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/15 11:31:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/15 11:31:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/15 11:31:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 14:50:18 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/14 12:17:05 | 000,000,127 | ---- | C] () -- C:\Users\MichaelH\Desktop\The Medano Beach Club Cabo - Cabo San Lucas, Baja, Mexico.url
[2012/08/13 18:01:22 | 000,000,173 | ---- | C] () -- C:\Users\MichaelH\Desktop\How to Install Windows 7 Without the Disc PCWorld.url
[2012/08/10 17:59:53 | 000,000,160 | ---- | C] () -- C:\Users\MichaelH\Desktop\BuySpry.url
[2012/08/03 10:32:18 | 000,056,446 | ---- | C] () -- C:\Users\MichaelH\Desktop\Amended AI.JPG
[2012/08/02 17:48:16 | 000,000,051 | ---- | C] () -- C:\Users\MichaelH\Desktop\TegraZone - Download The Best Android Games For Your Tegra Device.URL
[2012/07/31 12:19:09 | 000,000,211 | ---- | C] () -- C:\Users\MichaelH\Desktop\Asus Transformer TF700 - xda-developers.url
[2012/07/30 12:03:17 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/07/30 10:42:13 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/07/30 10:21:01 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012/07/18 17:41:28 | 000,001,080 | ---- | C] () -- C:\Users\MichaelH\Documents\gpfax.adr
[2012/07/18 17:41:28 | 000,000,016 | ---- | C] () -- C:\Users\MichaelH\Documents\gpfax.idx
[2012/07/18 16:18:43 | 000,071,109 | ---- | C] () -- C:\Users\MichaelH\Desktop\Canon copier router setting removed 7 18 12.JPG
[2012/07/02 17:58:28 | 000,001,493 | ---- | C] () -- C:\Users\MichaelH\.recently-used.xbel
[2012/06/12 16:56:22 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/05/15 11:57:26 | 000,004,096 | -H-- | C] () -- C:\Users\MichaelH\AppData\Local\keyfile3.drm
[2012/04/11 10:18:46 | 000,000,060 | -H-- | C] () -- C:\Users\MichaelH\maxdesk.ini2
[2012/04/11 10:18:45 | 000,000,276 | -H-- | C] () -- C:\Users\MichaelH\PP11Thumbs.ptn
[2012/02/14 18:00:07 | 000,001,086 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp AIFF Codec.dat
[2011/11/29 19:27:28 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011/11/16 18:32:52 | 000,003,024 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/11/04 17:37:17 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/10/31 12:46:42 | 000,325,520 | ---- | C] () -- C:\Windows\SysWow64\Uninstall_RDMDownloadAgent.exe
[2011/07/26 18:42:09 | 000,000,339 | ---- | C] () -- C:\Users\MichaelH\AppData\Roaming\ActUpdate.config
[2011/02/07 14:48:42 | 000,001,402 | RHS- | C] () -- C:\Users\MichaelH\ntuser.pol
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/01/04 14:55:59 | 000,001,940 | ---- | C] () -- C:\Users\MichaelH\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/29 15:40:22 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/11/17 12:12:32 | 000,590,336 | ---- | C] () -- C:\Windows\SysWow64\gtlib32.dll
[2010/11/17 12:12:32 | 000,450,560 | ---- | C] () -- C:\Windows\SysWow64\gtfnt32.dll
[2010/02/09 12:24:04 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/02 12:50:39 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/11/25 13:35:03 | 000,037,174 | ---- | C] () -- C:\Users\MichaelH\AppData\Roaming\Comma Separated Values (DOS).ADR
[2009/11/25 13:18:51 | 000,024,129 | ---- | C] () -- C:\Users\MichaelH\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/11/12 17:35:13 | 000,000,096 | -H-- | C] () -- C:\Users\MichaelH\AppData\Local\fusioncache.dat
[2009/11/09 18:11:36 | 000,007,605 | -H-- | C] () -- C:\Users\MichaelH\AppData\Local\resmon.resmoncfg

========== LOP Check ==========

[2012/08/14 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\.oit
[2011/12/29 19:51:24 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\ACCM Software
[2009/11/10 15:55:40 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\AccountantsWorld
[2011/04/13 11:49:01 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\ACT
[2009/11/30 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Amazon
[2012/05/22 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Audacity
[2011/03/30 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Avanquest
[2010/06/08 17:04:21 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\BOXEE
[2012/08/02 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\calibre
[2012/04/03 16:19:15 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Canon
[2010/04/21 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1
[2011/05/19 10:12:52 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\CompanionLink
[2010/03/02 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\dBpoweramp
[2012/08/15 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Dropbox
[2012/07/30 11:55:20 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\eBookConverter
[2009/12/18 12:59:38 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\FileZilla
[2012/05/29 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Fujitsu
[2012/08/14 09:53:39 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\GoodSync
[2012/07/02 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\gtk-2.0
[2012/01/05 16:11:51 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Guitar Pro 6
[2010/12/06 17:53:17 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\HandBrake
[2012/04/10 18:29:40 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\ICAClient
[2011/04/22 16:00:14 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\ImgBurn
[2010/02/02 12:50:38 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\IsolatedStorage
[2011/11/29 19:25:42 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Leadertech
[2012/06/12 17:07:02 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Line 6
[2011/07/27 12:45:10 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Lone Wolf Software
[2012/01/10 18:17:18 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Motorola
[2010/03/01 19:39:34 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Mp3tag
[2012/07/27 17:13:37 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\MyPhoneExplorer
[2010/01/12 16:24:10 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Nofeel FTP Server
[2010/02/09 12:25:36 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Nuance
[2011/11/30 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\PFU
[2009/11/04 16:39:49 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\PictureMover
[2011/03/30 16:59:31 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Serif
[2009/11/06 12:10:16 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Song Surgeon
[2012/05/29 13:59:17 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\uTorrent
[2011/10/27 14:00:10 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\webex
[2009/11/13 17:45:40 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\WinBatch
[2010/02/09 12:22:20 | 000,000,000 | ---D | M] -- C:\Users\MichaelH\AppData\Roaming\Zeon
[2012/07/31 10:18:04 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/06 14:06:51 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B9FB94D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:01C66DD9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ADCAEB69
< End of report >

 

[guitar1969]

OTL Extras logfile created on: 8/15/2012 2:38:55 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\MichaelH\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 51.64% Memory free
11.50 Gb Paging File | 8.60 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.06 Gb Total Space | 340.10 Gb Free Space | 58.23% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 2.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 65.26 Gb Free Space | 21.89% Space Free | Partition Type: NTFS
Drive W: | 298.05 Gb Total Space | 214.41 Gb Free Space | 71.94% Space Free | Partition Type: NTFS
Drive X: | 686.93 Gb Total Space | 45.48 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
Drive Y: | 298.05 Gb Total Space | 214.41 Gb Free Space | 71.94% Space Free | Partition Type: NTFS

Computer Name: MJHDESKTOP | User Name: MichaelH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files (x86)\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files (x86)\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B91C4AF-2EBB-49C9-89B7-5DA8F5432C8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61690F8D-5079-4AA7-8AFB-DE05B6D3CFD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{EEB02820-EFF3-467F-8C46-2C744131B4CC}C:\users\michaelh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michaelh\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A3E94035-259F-4DE0-9C05-22962420E23E}C:\users\michaelh\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michaelh\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B1AFCC6-491F-11DF-BD7A-00269E8DC781}" = G-Series_ASIO64
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{467D4F46-B75D-4E9F-B710-D933D687B9BD}" = PDF Creator Pilot 4.3 x64 Edition
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Session IO Driver
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D6FFBF8C-12C5-4336-AEE8-7DFF190001F8}" = Nuance PDF Viewer Plus
"{DB3D2C81-EF11-4b1f-9B55-3959AEE09E55}" = Canon MF8300C Series
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agency Software Printer(x64)_is1" = Agency Software Printer (x64) 1.0
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"sp6" = Logitech SetPoint 6.32
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DA3CBC-6F22-4917-9629-C758D94BD725}" = Constant Contact QuickImport v2 for Outlook
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04E54838-9F21-4615-8CF1-ACC7CF41008B}" = PDF Thumbnail View
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{229768B1-C90F-45AA-90DC-D20CDE2789F7}_is1" = Remove All Duplicates for Outlook
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5E903AAE-A6E7-4972-B74C-E38663E69540}" = Google Apps Sync™ for Microsoft Outlook® 3.1.94.203
"{65DA7F79-053F-40F9-A7B9-942532E60A15}" = ZOOM Edit&Share Windows
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85585209-F2B2-4648-BC02-CD6D28600E60}" = ClickFax
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1CF7F3-626D-4D92-8AAB-FB52303C71B8}" = Postalsoft Business Edition 8.00c.01
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A698EB06-2226-D401-6E30-49AC5E025DCF}" = Contact Capture Tool
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{B134C46E-298F-4843-B3C4-A86DF7D27D9A}" = Contact Wolf
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5A15233-31EC-4D6B-9EC5-D1116B238160}" = Jamorama Chordinator
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B7827207-E3D8-4A3D-B13F-D41B497F5017}" = Gladinet Cloud Desktop
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.2
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B33E1E-9C0C-49A9-83A1-292DB457B7AB}" = Nuance PaperPort 12
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F833B666-1D46-4C21-8A2F-DF2080995741}" = calibre
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FCC71C18-1128-11D5-8B89-0090CC00846B}" = Canon Cover Sheet Editor
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Accurate Outlook Duplicate Remover_is1" = Accurate Outlook Duplicate Remover 1.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AgencyPro for Windows" = AgencyPro for Windows
"AI RoboForm" = AI RoboForm (All Users)
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"ASIO4ALL" = ASIO4ALL
"ATT-PRT22" = ATT-PRT22
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BOXEE" = Boxee
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.constantcontact.add.to.constant.contact.93436992F81E3F56888A803A704436FF5667EB0D.1" = Contact Capture Tool
"conduitEngine" = Conduit Engine
"Creative Centrale" = Creative Centrale
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp AAC Encoder" = dBpoweramp AAC Encoder
"dBpoweramp AIFF Codec" = dBpoweramp AIFF Codec
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBPoweramp tooLame MP2 codec" = dBPoweramp tooLame MP2 codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"dBpowerAMP Windows Media Audio 9 Codec" = dBpowerAMP Windows Media Audio 9 Codec
"Digital Editions" = Adobe Digital Editions
"DVD Flick_is1" = DVD Flick 1.3.0.7
"FileZilla Client" = FileZilla Client 3.3.0.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Handbrake" = Handbrake 0.9.4
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Kobo" = Kobo
"Line 6 Uninstaller" = Line 6 Uninstaller
"LinkedIn Outlook Connector" = LinkedIn Outlook Connector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Minolta Twain Driver" = Minolta Twain Driver
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.46a
"MPE" = MyPhoneExplorer
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Guitar Rig Session IO Driver" = Native Instruments Guitar Rig Session IO Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Neevia docCreator Lite_is1" = docCreator v3.5
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"outlookset" = Outlook Setup Tool
"PDFZilla_is1" = PDFZilla V1.2.9
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.328
"RDM Scanner Control Manager" = RDM Scanner Control Manager
"sfArk" = sfArk
"Song Surgeon_is1" = Song Surgeon 2.0.0.2
"Transcribe!_is1" = Transcribe! 8.00
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
"www.roadrunner.com Toolbar" = www.roadrunner.com Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

 

[guitar1969]

Extras Log file 2 -final
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"18f0c1efa898a424" = SmartLink
"Dropbox" = Dropbox
"f58cbb372ebb2ec8" = Media Center Studio
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.452
"JoinMe" = join.me
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2012 4:41:55 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:41:55 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:41:56 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:41:56 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:41:57 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:42:03 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:42:03 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:42:04 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:42:05 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:42:05 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2012 4:42:06 PM | Computer Name = MJHDESKTOP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 10/11/2010 8:19:47 PM | Computer Name = MJH-Desktop | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 1/20/2011 2:37:33 PM | Computer Name = MJH-Desktop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 3/31/2011 1:27:17 PM | Computer Name = MJH-Desktop | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 4/8/2011 1:08:17 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 4/14/2011 1:12:42 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 2/16/2012 2:01:34 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 3/22/2012 1:56:22 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 3/29/2012 1:25:42 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 4/26/2012 1:17:28 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 5/3/2012 1:37:44 PM | Computer Name = MJHDESKTOP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)
at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ Media Center Events ]
Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=272); Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=273); Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=230); Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.SetMachineId failed; Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.SetUserId failed; Win32 GetLastError returned
10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.TimerRecord failed (LogId=28); Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:07 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=58); Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 6/9/2010 4:17:08 PM | Computer Name = MJH-Desktop | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApi.Set failed (LogId=30); Win32 GetLastError
returned 10000A08 &#xA;Process: DefaultDomain&#xA;Object Name: Media Center Guide&#xA;

Error - 1/4/2012 4:26:42 PM | Computer Name = MJHDESKTOP | Source = MCUpdate | ID = 0
Description = 12:26:42 PM - Error connecting to the internet. 12:26:42 PM - Unable
to contact server..

Error - 1/4/2012 4:26:52 PM | Computer Name = MJHDESKTOP | Source = MCUpdate | ID = 0
Description = 12:26:47 PM - Error connecting to the internet. 12:26:47 PM - Unable
to contact server..

[ System Events ]
Error - 8/15/2012 3:11:04 PM | Computer Name = MJHDESKTOP | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/15/2012 3:11:04 PM | Computer Name = MJHDESKTOP | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 8/15/2012 3:14:06 PM | Computer Name = MJHDESKTOP | Source = Service Control Manager | ID = 7000
Description = The SQL Server (ACT7) service failed to start due to the following
error: %%5

Error - 8/15/2012 3:14:09 PM | Computer Name = MJHDESKTOP | Source = Service Control Manager | ID = 7024
Description = The SQL Server Active Directory Helper service terminated with service-specific
error %%-1073741724.

Error - 8/15/2012 3:16:59 PM | Computer Name = MJHDESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.2038.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 8/15/2012 3:16:59 PM | Computer Name = MJHDESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.2038.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 8/15/2012 3:20:50 PM | Computer Name = MJHDESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.2038.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 8/15/2012 3:20:50 PM | Computer Name = MJHDESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.2038.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 8/15/2012 3:35:13 PM | Computer Name = MJHDESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.2038.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 8/15/2012 3:35:13 PM | Computer Name = MJHDESKTOP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.2038.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.



< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  IE - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local;localhost
  O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
  O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
  O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
  O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
  O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
  O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: Arm-server ([]file in Local intranet)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: Athlonnas ([]file in Local intranet)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: line6.net ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelers.com ([]http in Trusted sites)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelers.com ([]https in Trusted sites)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
  O15 - HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
  [2012/08/14 18:20:16 | 000,000,000 | ---D | C] -- C:\FRST
  @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B9FB94D
  @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:01C66DD9
  @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ADCAEB69
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=======================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[guitar1969]

All processes killed
========== OTL ==========
HKU\S-1-5-21-1902566424-2048678736-4064907230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelers.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelers.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelerspc.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelerspc.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Arm-server\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Athlonnas\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\line6.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelers.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelers.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelerspc.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1902566424-2048678736-4064907230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\travelerspc.com\ not found.
C:\FRST\Quarantine\{04417e74-57b3-e299-ec87-8a820c01d0ca}\{04417e74-57b3-e299-ec87-8a820c01d0ca}\U folder moved successfully.
C:\FRST\Quarantine\{04417e74-57b3-e299-ec87-8a820c01d0ca}\{04417e74-57b3-e299-ec87-8a820c01d0ca}\L folder moved successfully.
C:\FRST\Quarantine\{04417e74-57b3-e299-ec87-8a820c01d0ca}\{04417e74-57b3-e299-ec87-8a820c01d0ca} folder moved successfully.
C:\FRST\Quarantine\{04417e74-57b3-e299-ec87-8a820c01d0ca}\U folder moved successfully.
C:\FRST\Quarantine\{04417e74-57b3-e299-ec87-8a820c01d0ca} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\ProgramData\Temp:0B9FB94D deleted successfully.
ADS C:\ProgramData\Temp:01C66DD9 deleted successfully.
ADS C:\ProgramData\Temp:ADCAEB69 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: MichaelH
->Temp folder emptied: 57703427 bytes
->Temporary Internet Files folder emptied: 120003860 bytes
->Java cache emptied: 146335 bytes
->FireFox cache emptied: 452569007 bytes
->Google Chrome cache emptied: 12955537 bytes
->Flash cache emptied: 138567 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1137711 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 615.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Classic .NET AppPool

User: Default

User: Default User

User: DefaultAppPool

User: MichaelH
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Classic .NET AppPool

User: Default

User: Default User

User: DefaultAppPool

User: MichaelH
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08152012_162209
Files\Folders moved on Reboot...
C:\Users\MichaelH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\MichaelH\AppData\Local\Temp\~DF0597CAADF0B9DCFB.TMP not found!
File\Folder C:\Users\MichaelH\AppData\Local\Temp\~DF28AE54AD5B41C6E3.TMP not found!
File\Folder C:\Users\MichaelH\AppData\Local\Temp\~DF42FD84C400B5E698.TMP not found!
File\Folder C:\Users\MichaelH\AppData\Local\Temp\~DF8B01FCE7888021F1.TMP not found!
File\Folder C:\Users\MichaelH\AppData\Local\Temp\~DFB1B0B4F96B131FD6.TMP not found!
File\Folder C:\Users\MichaelH\AppData\Local\Temp\~DFD8A691E3C718B935.TMP not found!
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{63255AFF-09CD-4E8B-B71F-433D320F270C}.tmp moved successfully.
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B525EAA-31F6-47C7-A3C8-1C6CDEFEA435}.tmp moved successfully.
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{855A5988-9386-47C6-8B44-29D281944EBA}.tmp not found!
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C2E91114-5839-4478-ADF2-E8C16A0D17F1}.tmp not found!
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3808452-9C6C-46D2-BBB5-A2AB6BD92D6D}.tmp moved successfully.
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E8549B87-1D38-4607-A823-25BAB2970360}.tmp moved successfully.
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\15B79808.jpg not found!
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRX7GFUF\getAds[1].htm not found!
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRX7GFUF\google_com[1].htm not found!
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P24G8YJ8\qseg[1].htm moved successfully.
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\ebrss[3].htm not found!
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\getAds[1].htm not found!
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\getAds[2].htm not found!
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\pass[3].htm moved successfully.
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZKX2CLR\component[1].html moved successfully.
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZKX2CLR\ebrss[1].htm not found!
File\Folder C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZKX2CLR\view[1].htm not found!
C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
PendingFileRenameOperations files...
File C:\Users\MichaelH\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\MichaelH\AppData\Local\Temp\~DF0597CAADF0B9DCFB.TMP not found!
File C:\Users\MichaelH\AppData\Local\Temp\~DF28AE54AD5B41C6E3.TMP not found!
File C:\Users\MichaelH\AppData\Local\Temp\~DF42FD84C400B5E698.TMP not found!
File C:\Users\MichaelH\AppData\Local\Temp\~DF8B01FCE7888021F1.TMP not found!
File C:\Users\MichaelH\AppData\Local\Temp\~DFB1B0B4F96B131FD6.TMP not found!
File C:\Users\MichaelH\AppData\Local\Temp\~DFD8A691E3C718B935.TMP not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{63255AFF-09CD-4E8B-B71F-433D320F270C}.tmp not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2B525EAA-31F6-47C7-A3C8-1C6CDEFEA435}.tmp not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{855A5988-9386-47C6-8B44-29D281944EBA}.tmp not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C2E91114-5839-4478-ADF2-E8C16A0D17F1}.tmp not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E3808452-9C6C-46D2-BBB5-A2AB6BD92D6D}.tmp not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E8549B87-1D38-4607-A823-25BAB2970360}.tmp not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\15B79808.jpg not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRX7GFUF\getAds[1].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRX7GFUF\google_com[1].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P24G8YJ8\qseg[1].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\ebrss[3].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\getAds[1].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\getAds[2].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPQC2HBN\pass[3].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZKX2CLR\component[1].html not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZKX2CLR\ebrss[1].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZKX2CLR\view[1].htm not found!
File C:\Users\MichaelH\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!
Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.44
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 24
Java(TM) 6 Update 20
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 06-08-2012
Ran by MichaelH (administrator) on 15-08-2012 at 19:09:22
Running from "X:\"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

ESET Log:
C:\Documents and Settings\MichaelH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\693d9ca-2f80df87 Java/Agent.EA trojan deleted - quarantined
C:\Documents and Settings\MichaelH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\49bc93d6-38bb6565 multiple threats deleted - quarantined
C:\Documents and Settings\MichaelH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\199e94e6-45095294 Java/Agent.EA trojan deleted - quarantined
C:\Documents and Settings\MichaelH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\17f8dc74-7ca11514 a variant of Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Documents and Settings\MichaelH\Documents\HTPC stuff 2010\Acer 1800 Bios Update\ACER_Aspire_1800-Acer-2.90.rar a variant of Win32/Packed.FlyStudio application deleted - quarantined
C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.05.2012_17.12.34\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\MichaelH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\9732b5d-63cdde49 Java/Exploit.Agent.NBI trojan deleted - quarantined

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

=====================================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

 

[guitar1969]

I have not deleted the quarantined items in ESET yet.

The only other issues I am experiencing is:

My system sometimes is not booting up into Windows (happened a bit through the cleaning process as well)- gets stuct at a black screen with a blinking cursor in the upper left hand corner. If I repower up the system at that point it will then load into Windows .

stil;l can't update MSE and Windows Update is no longer working - I think it is tied to that service BTIS that seems to have gone missing.

Thanks for all your help.

Michael

 

[guitar1969]

Wow that was a quick response - I will do your lastpost items now.

 

[Broni]

You can delete Eset quarantined files.

Windows updates issue should be solved after running the above fix.

My system sometimes is not booting up into Windows (happened a bit through the cleaning process as well)- gets stuct at a black screen with a blinking cursor in the upper left hand corner. If I repower up the system at that point it will then load into Windows .

That would be a subject to a different forum.