Solved Windows has encountered a critical problem and will restart automatically in one minute. Please save

Mattk11 · Aug 2, 2012

I am running Windows 7 on my old HP laptop and have not had any problems with it at all until now. Yesterday I noticed that a Norton anti virus window would pop up and tell me I had problems and I should download and buy their software to fix it. I already had Windows Security Essentials but it wasn't turned on. I tried to activate WSE but it wouldn't work so I uninstalled it, then I uninstalled the Norton that mysteriously appeared on my laptop. Then I redownloaded Microsoft Security Essentials and tried to activate it. When it started, I got this message:

Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

I looked at the pinned directions, but I'm not able to start anything or scan anything because my laptop just automatically restarts before I can do anything.

I've tried hitting F8 and chose "Disable automatic restart" but I still got the error. Then I hit F8 and chose safe mode but still got the message.

Not sure what to do because I cannot run a scan or keep it from restarting.

Thanks

Broni · Aug 2, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt

Mattk11 · Aug 3, 2012

I downloaded and saved the 32 bit version of frst to my memory stick. I used the advance boot options. After running notepad, I discovered that the memory stick is the "F" drive. I followed these instructions exactly and when I put in the F:\frst.exe I get a message back that says:

The subsystem needed to support thisimage type is not present.

I was unable to enter this set-up using the Win7 disk.

Mattk11 · Aug 3, 2012

Wait, using the 64 bit version is working...............

Mattk11 · Aug 3, 2012

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 09:45:52
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [] [x]
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [120320 2007-09-14] (Synaptics, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\MattK\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-18] (Google Inc.)
HKU\MattK\...\Run: [Google Update] "C:\Users\MattK\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-21] (Google Inc.)
HKU\MattK\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17417904 2012-07-03] (Skype Technologies S.A.)
HKU\MattK\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\MattK\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
==================== Services (Whitelisted) ======
2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [23552 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 NfsClnt; C:\Windows\System32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 StumbleUponUpdateService; "C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe" [105672 2011-09-30] (stumbleupon.com)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [402432 2008-04-24] (Analog Devices, Inc.)
2 irda; C:\Windows\System32\Drivers\irda.sys [120320 2009-07-13] (Microsoft Corporation)
3 NfsRdr; C:\Windows\System32\Drivers\NfsRdr.sys [246272 2010-11-20] (Microsoft Corporation)
3 RpcXdr; C:\Windows\System32\Drivers\RpcXdr.sys [104960 2010-11-20] (Microsoft Corporation)
3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-03 09:39 - 2012-08-03 09:39 - 00000000 ____D C:\FRST
2012-08-03 06:25 - 2012-08-03 06:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAEACAAFE787C68F
2012-08-03 06:25 - 2012-08-03 06:25 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxflhouo.sys
2012-08-03 06:22 - 2012-08-03 06:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E4F39965E21C7F6
2012-08-03 06:18 - 2012-08-03 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9111BA2FA11C53DA
2012-08-03 06:12 - 2012-08-03 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E3988DAD57C33C2
2012-08-03 05:54 - 2012-08-03 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83D86AA65D2882DA
2012-08-02 04:05 - 2012-08-02 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFBF99538297A81
2012-08-02 03:44 - 2012-08-02 03:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B03314A53CAC5343
2012-08-02 03:41 - 2012-08-02 03:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB9502B747DD947F
2012-08-02 03:38 - 2012-08-02 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.283098B65BFCCD7F
2012-08-02 03:34 - 2012-08-02 03:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE19A90C14592CB
2012-08-02 03:32 - 2012-08-02 03:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33EF03CA7700BD56
2012-08-02 03:29 - 2012-08-02 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA9E80FB5FA9C79
2012-08-02 03:27 - 2012-08-02 03:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A37297B7AFB3740
2012-08-02 03:24 - 2012-08-02 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.321B547DF6B81C41
2012-08-02 03:21 - 2012-08-02 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1F4A13FB07749
2012-08-02 03:18 - 2012-08-02 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE732EBEDF684671
2012-08-02 03:16 - 2012-08-02 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E2067CFB24A51B
2012-08-02 03:13 - 2012-08-02 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC22F3B63249298
2012-08-02 03:11 - 2012-08-02 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F59426F21092A259
2012-08-02 03:08 - 2012-08-02 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79C72E3A81AB659
2012-08-02 03:05 - 2012-08-02 03:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D09342258975EEDF
2012-08-02 03:02 - 2012-08-02 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8
2012-08-02 02:59 - 2012-08-02 02:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB7481F667A2F54
2012-08-02 02:56 - 2012-08-02 02:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.687214882F642C44
2012-08-02 02:50 - 2012-08-02 02:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A389346A41C4B6B
2012-08-02 02:47 - 2012-08-02 02:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E20DEE647728EEB
2012-08-02 02:45 - 2012-08-02 02:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3AF53DD9B06B235
2012-08-02 02:42 - 2012-08-02 02:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.528D5DA1D14332DE
2012-08-02 02:39 - 2012-08-02 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DC33A5A0FBA1369
2012-08-02 02:37 - 2012-08-02 02:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AEEB722910C84175
2012-08-02 02:34 - 2012-08-02 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0C99CD8B6EB29C4
2012-08-02 02:31 - 2012-08-02 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5960297848E68FC5
2012-08-02 02:29 - 2012-08-02 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.39DE16FD8384686D
2012-08-02 02:26 - 2012-08-02 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BAA367B6B64571F1
2012-08-02 02:24 - 2012-08-02 02:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B27628944C12F703
2012-08-02 02:18 - 2012-08-02 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29FC9E61EB1B7C6
2012-08-02 02:15 - 2012-08-02 02:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1D4ED5D66D65413
2012-08-02 02:13 - 2012-08-02 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24DE82605635B81B
2012-08-02 02:10 - 2012-08-02 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E41E037F0AFCCD4A
2012-08-02 02:08 - 2012-08-02 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.122A5E1E54AE5ED2
2012-08-02 02:05 - 2012-08-02 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9742DC30B0311E00
2012-08-02 02:03 - 2012-08-02 02:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7159B463D1C5FE20
2012-08-02 02:00 - 2012-08-02 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A525FB6F6319F7EF
2012-08-02 01:57 - 2012-08-02 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C3E4BA915F702E
2012-08-02 01:54 - 2012-08-02 01:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64EF27F40D682F7
2012-08-02 01:51 - 2012-08-02 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4985E93A8A5F674
2012-08-02 01:49 - 2012-08-02 01:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA1735DDB584FAEB
2012-08-02 01:40 - 2012-08-02 01:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59A2A60A6311803B
2012-08-02 01:38 - 2012-08-02 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A4AC2A8C91DAD65
2012-08-02 01:35 - 2012-08-02 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABD326F42F07624
2012-08-02 01:32 - 2012-08-02 01:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.425385496B36D13E
2012-08-02 01:29 - 2012-08-02 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14523C6E8170B64D
2012-08-02 01:26 - 2012-08-02 01:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D011AA9C2F1DDA6D
2012-08-02 01:23 - 2012-08-02 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE650F1C034B2962
2012-08-02 01:21 - 2012-08-02 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F152D54FEA96A54
2012-08-02 01:18 - 2012-08-02 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EEE1C5962E7C7D18
2012-08-02 01:15 - 2012-08-02 01:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB12AAECC3C0573
2012-08-02 01:13 - 2012-08-02 01:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.732D2908EB80F490
2012-08-02 01:10 - 2012-08-02 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AD311E264369345
2012-08-02 01:07 - 2012-08-02 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7603D803F7FF7E95
2012-08-02 01:04 - 2012-08-02 01:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D0C0BD1DAEDC287
2012-08-02 01:02 - 2012-08-02 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FAA53174069E117
2012-08-02 00:56 - 2012-08-02 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAEA68937437AC0
2012-08-02 00:43 - 2012-08-02 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.164D00AEC9A7F87D
2012-08-02 00:40 - 2012-08-02 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07E46FBBB0F23A63
2012-08-02 00:37 - 2012-08-02 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CFA7F46FE59DF4A
2012-08-02 00:35 - 2012-08-02 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E6064420F94D8E
2012-08-02 00:32 - 2012-08-02 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4557614E7FBCA38F
2012-08-02 00:28 - 2012-08-02 00:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE447090B88B6140
2012-08-02 00:26 - 2012-08-02 00:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9FC033005D9CEB7
2012-08-02 00:23 - 2012-08-02 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C93B32663A461C
2012-08-02 00:20 - 2012-08-02 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB51642D65A6AED
2012-08-02 00:18 - 2012-08-02 00:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E0FC74C1EC0332
2012-08-02 00:15 - 2012-08-02 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CFB6835567BB57F
2012-08-02 00:12 - 2012-08-02 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661AAECD479867FC
2012-08-02 00:09 - 2012-08-02 00:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CA104CB6B20223
2012-08-02 00:06 - 2012-08-02 00:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DD94C9B17A66FAF
2012-08-02 00:04 - 2012-08-02 00:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16686CF02F23027F
2012-08-02 00:01 - 2012-08-02 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4167AE9B0C050290
2012-08-01 23:59 - 2012-08-01 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B273584CB58979
2012-08-01 23:55 - 2012-08-01 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614D4E9243E4F92E
2012-08-01 23:52 - 2012-08-01 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3C8733D05F8DD51
2012-08-01 23:49 - 2012-08-01 23:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D00D5357E4AF8B1E
2012-08-01 23:46 - 2012-08-01 23:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59
2012-08-01 23:44 - 2012-08-01 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F84FFDFFC6BCA91
2012-08-01 23:41 - 2012-08-01 23:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.611F6DF78FECF8DF
2012-08-01 23:36 - 2012-08-01 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96
2012-08-01 23:33 - 2012-08-01 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85EA4C9C0FF97D4A
2012-08-01 23:31 - 2012-08-01 23:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3363AA46023FF692
2012-08-01 23:29 - 2012-08-01 23:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA9C0FF669B88EC4
2012-08-01 23:26 - 2012-08-01 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D5FA15A6BD25007
2012-08-01 23:22 - 2012-08-01 23:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCB91B31723180D6
2012-08-01 23:19 - 2012-08-01 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40C90D8BD647F6F
2012-08-01 23:17 - 2012-08-01 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C420B175B33DAD4
2012-08-01 23:15 - 2012-08-01 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADD49242DC72885E
2012-08-01 23:12 - 2012-08-01 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF6AA2BDD1925292
2012-08-01 23:10 - 2012-08-01 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3840E6DC9293A846
2012-08-01 23:07 - 2012-08-01 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5913E98792C7A9D
2012-08-01 22:59 - 2012-08-01 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C506211357A9A94
2012-08-01 22:57 - 2012-08-01 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53A31E5E79F082D9
2012-08-01 22:54 - 2012-08-01 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAF388D99072CD8B
2012-08-01 22:52 - 2012-08-01 22:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A71DFCCD88E0C172
2012-08-01 22:49 - 2012-08-01 22:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B1E9CC6DF25639
2012-08-01 22:47 - 2012-08-01 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.105C604F2EF4E085
2012-08-01 22:44 - 2012-08-01 22:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51A47559531877FB
2012-08-01 22:39 - 2012-08-01 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E667505CDC044B4E
2012-08-01 22:37 - 2012-08-01 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C6A432EE076E48
2012-08-01 22:34 - 2012-08-01 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE186F5347687056
2012-08-01 22:31 - 2012-08-01 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E1AF63FAE598301
2012-08-01 22:28 - 2012-08-01 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10950AD09488E3C9
2012-08-01 22:26 - 2012-08-01 22:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.727CD3E397711FBD
2012-08-01 22:23 - 2012-08-01 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD64AE2A600D9E96
2012-08-01 22:21 - 2012-08-01 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C30F20A5DC977B
2012-08-01 22:16 - 2012-08-01 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.679BFC1BB9030927
2012-08-01 22:13 - 2012-08-01 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0014A19341F446C3
2012-08-01 22:10 - 2012-08-01 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0AC70939866BFB9
2012-08-01 22:07 - 2012-08-01 22:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F70ACD587B17A2D
2012-08-01 22:04 - 2012-08-01 22:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2EA7C9FC2E7156E
2012-08-01 22:01 - 2012-08-01 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DEF15AD666AD9FF
2012-08-01 21:59 - 2012-08-01 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1918A9640383714C
2012-08-01 21:56 - 2012-08-01 21:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5402D42734D03253
2012-08-01 21:54 - 2012-08-01 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B014E7746B69BB5C
2012-08-01 21:51 - 2012-08-01 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94929C660C1FD1D4
2012-08-01 21:48 - 2012-08-01 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EF7704FA9D20E1B
2012-08-01 21:45 - 2012-08-01 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F388D241C2191134
2012-08-01 21:42 - 2012-08-01 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A04D9D20D033A5BB
2012-08-01 21:39 - 2012-08-01 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9C3C0CD22146FAF
2012-08-01 21:37 - 2012-08-01 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03FFBFFA76C511AA
2012-08-01 21:34 - 2012-08-01 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.108C453C32538CE9
2012-08-01 21:31 - 2012-08-01 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AB28B14A4258C2A
2012-08-01 21:27 - 2012-08-01 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD82583D218B144C
2012-08-01 21:25 - 2012-08-01 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47FF61110861FD93
2012-08-01 21:22 - 2012-08-01 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2A4DCCD093442F2
2012-08-01 21:20 - 2012-08-01 21:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1078064C81A54B58
2012-08-01 21:17 - 2012-08-01 21:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79D07146B253AB00
2012-08-01 21:12 - 2012-08-01 21:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A77C38DF3F8DF5B
2012-08-01 21:10 - 2012-08-01 21:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.450418ED28DDD245
2012-08-01 21:07 - 2012-08-01 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A013C9220DD8DFA
2012-08-01 21:02 - 2012-08-01 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06EBF1CC5E0B75D4
2012-08-01 20:59 - 2012-08-01 20:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF7F7AFB4DFA790C
2012-08-01 20:56 - 2012-08-01 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE800A2ABA43F24C
2012-08-01 20:53 - 2012-08-01 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11DA6FD0CE63C16E
2012-08-01 20:50 - 2012-08-01 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DD48C1A7C050B6
2012-08-01 20:48 - 2012-08-01 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C471C03152E1B3
2012-08-01 20:46 - 2012-08-01 20:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3816B138406EF55
2012-08-01 20:43 - 2012-08-01 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A66F14526025BAE
2012-08-01 20:41 - 2012-08-01 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F20BF6937A603056
2012-08-01 20:38 - 2012-08-01 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E91FCF0C3369A279
2012-08-01 20:36 - 2012-08-01 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.806535E31760765E
2012-08-01 20:33 - 2012-08-01 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F559AE5FDEDCB1
2012-08-01 20:31 - 2012-08-01 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE25DCA304633506
2012-08-01 20:27 - 2012-08-01 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C3635234BBE6D9F
2012-08-01 20:25 - 2012-08-01 20:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B4A08F65E6BE9F
2012-08-01 20:22 - 2012-08-01 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27B1D73589D1C2DA
2012-08-01 20:20 - 2012-08-01 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FA2801141B53E39
2012-08-01 20:17 - 2012-08-01 20:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E464B8FC0107FC3E
2012-08-01 20:15 - 2012-08-01 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2E27867A9E999F1
2012-08-01 20:12 - 2012-08-01 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1541ADBDA750577A
2012-08-01 20:10 - 2012-08-01 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0328FC39D608ABF1
2012-08-01 20:06 - 2012-08-01 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90F7EE4EB1D5E02F
2012-08-01 20:04 - 2012-08-01 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EAAA88BFB5308D
2012-08-01 20:01 - 2012-08-01 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14410C837950975D
2012-08-01 19:58 - 2012-08-01 19:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF6CF736CA4EA728
2012-08-01 19:56 - 2012-08-01 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91D5ACB29237EC45
2012-08-01 19:53 - 2012-08-01 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80E41D62A2707FA
2012-08-01 19:49 - 2012-08-01 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D24A5380615DC3E
2012-08-01 19:47 - 2012-08-01 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE376ECF4C875275
2012-08-01 19:44 - 2012-08-01 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E483E6825B6D8295
2012-08-01 19:42 - 2012-08-01 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC3413C7D34B109
2012-08-01 19:39 - 2012-08-01 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B3F557EC4182A8
2012-08-01 19:34 - 2012-08-01 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71868BE536497452
2012-08-01 19:31 - 2012-08-01 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F90B2F01D11BB6B
2012-08-01 19:29 - 2012-08-01 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D8F2C9B40D0859B
2012-08-01 19:25 - 2012-08-01 19:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5955C4F362257FE3
2012-08-01 19:23 - 2012-08-01 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3C8A475B854FDB1
2012-08-01 19:20 - 2012-08-01 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D412545A67F4083C
2012-08-01 19:18 - 2012-08-01 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B050F9C9D882F6A4
2012-08-01 19:15 - 2012-08-01 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.950F767B185E03B4
2012-08-01 19:13 - 2012-08-01 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBD51F87895F6043
2012-08-01 19:11 - 2012-08-01 19:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58B181379F5F7276
2012-08-01 19:08 - 2012-08-01 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF063EE80E2F420F
2012-08-01 19:06 - 2012-08-01 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65136D1FDCB47772
2012-08-01 19:03 - 2012-08-01 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F88A215B0FA4F00
2012-08-01 19:00 - 2012-08-01 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6713F9D40F3D00E7
2012-08-01 18:57 - 2012-08-01 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9ABE2014D9CD438
2012-08-01 18:54 - 2012-08-01 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA
2012-08-01 18:51 - 2012-08-01 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E23300116868299
2012-08-01 18:48 - 2012-08-01 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75969E90459225D8
2012-08-01 18:43 - 2012-08-01 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02CBDDB49335DCA2
2012-08-01 18:40 - 2012-08-01 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.74BE45840965E688
2012-08-01 18:37 - 2012-08-01 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA961D6577E38D4D
2012-08-01 18:35 - 2012-08-01 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC281F03A05862D4
2012-08-01 18:33 - 2012-08-01 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79A32A2AC6FAFA63
2012-08-01 18:27 - 2012-08-01 18:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50CB5C6F78322DAA
2012-08-01 18:12 - 2012-08-01 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5127EF7252E7874
2012-08-01 18:04 - 2012-08-01 18:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.21A3C9D408CD73DF
2012-08-01 18:00 - 2012-08-01 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7018D534506B337
2012-08-01 17:58 - 2012-08-01 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5BF3B8834CF1C5B
2012-08-01 17:55 - 2012-08-01 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37D6430C6EAC5BB1
2012-08-01 17:53 - 2012-08-01 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55
2012-08-01 17:50 - 2012-08-01 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93C3436349025B86
2012-08-01 17:46 - 2012-08-01 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E58B55EAB94D4B2C
2012-08-01 17:40 - 2012-08-01 17:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.150AE20EB6783123
2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD180896CE71B1A8
2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5
2012-08-01 17:32 - 2012-08-01 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A19E180FA658C5E
2012-08-01 17:30 - 2012-08-01 17:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB2220710F868E1
2012-08-01 17:27 - 2012-08-01 17:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B40C9070C1D5A1B8
2012-08-01 17:24 - 2012-08-01 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5F52720A18AE7DF
2012-08-01 17:21 - 2012-08-01 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.442F30237FA9B2A6
2012-08-01 17:19 - 2012-08-01 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493D11F83FEC41B
2012-08-01 17:17 - 2012-08-01 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.053E351A1D7ED66B
2012-08-01 17:14 - 2012-08-01 17:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB147E03CD9A0CE5
2012-08-01 17:12 - 2012-08-01 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D06977DCFB03A80
2012-08-01 17:09 - 2012-08-01 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9295F5C6D3BFF747
2012-08-01 17:06 - 2012-08-01 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.699976F3B025FF87
2012-08-01 17:03 - 2012-08-01 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB1FF8864FCA4FB
2012-08-01 17:01 - 2012-08-01 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A91062709B51957
2012-08-01 16:58 - 2012-08-01 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E574C91D2D1B280
2012-08-01 16:56 - 2012-08-01 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC68A6D4EA4DEA52
2012-08-01 16:53 - 2012-08-01 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D294661BC47DB210
2012-08-01 16:51 - 2012-08-01 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40702460CA71393
2012-08-01 16:48 - 2012-08-01 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFCDBE48BBB7B76C
2012-08-01 16:45 - 2012-08-01 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC
2012-08-01 16:43 - 2012-08-01 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.710532FA6C59B690
2012-08-01 16:40 - 2012-08-01 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2523BAC499D736D8
2012-08-01 16:38 - 2012-08-01 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B4FDC7848D366C
2012-08-01 16:36 - 2012-08-01 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E05B434EBC7028D
2012-08-01 16:32 - 2012-08-01 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D575F5BF31BB199
2012-08-01 16:30 - 2012-08-01 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FC519C414B4F91E
2012-08-01 16:27 - 2012-08-01 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E98BA10EB0E3F2
2012-08-01 16:25 - 2012-08-01 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42506981F5494B6E
2012-08-01 16:23 - 2012-08-01 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA855CD8F3B9469E
2012-08-01 16:20 - 2012-08-01 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD1925FE6EF3598
2012-08-01 16:18 - 2012-08-01 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A50A6317CBE52344
2012-08-01 16:15 - 2012-08-01 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC86F47F95977A6B
2012-08-01 16:12 - 2012-08-01 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0
2012-08-01 16:09 - 2012-08-01 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCB301ED906D814B
2012-08-01 16:06 - 2012-08-01 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A2379ADDBD9ACB
2012-08-01 16:03 - 2012-08-01 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A5F496D65971FFF
2012-08-01 15:58 - 2012-08-01 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B514B7AD16A63B
2012-08-01 15:54 - 2012-08-01 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF0EC05AB416631C
2012-08-01 15:46 - 2012-08-01 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.082EBDEC28EF8027
2012-08-01 15:43 - 2012-08-01 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7539C71E6A14CDC3
2012-08-01 15:40 - 2012-08-01 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90B2E54951ADEE0B
2012-08-01 15:36 - 2012-08-01 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6442CB581DB35A
2012-08-01 15:28 - 2012-08-01 15:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-01 15:28 - 2012-08-01 15:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-01 15:19 - 2012-08-01 15:19 - 12621696 ____A (Microsoft Corporation) C:\Users\MattK\Downloads\mseinstall.exe
2012-07-16 04:33 - 2012-07-16 04:33 - 00001358 ____A C:\Users\MattK\Desktop\Norton Installation Files.lnk
2012-07-16 04:33 - 2012-07-16 04:33 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-07-13 10:57 - 2012-07-13 10:57 - 00000000 ____D C:\Program Files (x86)\HDLand
2012-07-13 10:54 - 2012-07-13 10:55 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0 (1).exe
2012-07-09 13:03 - 2012-07-09 13:12 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0.exe

Mattk11 · Aug 3, 2012

============ 3 Months Modified Files ========================
2012-08-03 06:25 - 2012-08-03 06:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAEACAAFE787C68F
2012-08-03 06:25 - 2012-08-03 06:25 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxflhouo.sys
2012-08-03 06:24 - 2011-08-18 14:35 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 06:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 06:24 - 2009-07-13 20:51 - 00062592 ____A C:\Windows\setupact.log
2012-08-03 06:22 - 2012-08-03 06:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E4F39965E21C7F6
2012-08-03 06:20 - 2012-03-31 06:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-03 06:18 - 2012-08-03 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9111BA2FA11C53DA
2012-08-03 06:12 - 2012-08-03 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E3988DAD57C33C2
2012-08-03 05:54 - 2012-08-03 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83D86AA65D2882DA
2012-08-02 04:05 - 2012-08-02 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFBF99538297A81
2012-08-02 03:44 - 2012-08-02 03:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B03314A53CAC5343
2012-08-02 03:41 - 2012-08-02 03:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB9502B747DD947F
2012-08-02 03:38 - 2012-08-02 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.283098B65BFCCD7F
2012-08-02 03:34 - 2012-08-02 03:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE19A90C14592CB
2012-08-02 03:32 - 2012-08-02 03:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33EF03CA7700BD56
2012-08-02 03:29 - 2012-08-02 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA9E80FB5FA9C79
2012-08-02 03:27 - 2012-08-02 03:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A37297B7AFB3740
2012-08-02 03:24 - 2012-08-02 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.321B547DF6B81C41
2012-08-02 03:21 - 2012-08-02 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1F4A13FB07749
2012-08-02 03:18 - 2012-08-02 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE732EBEDF684671
2012-08-02 03:16 - 2012-08-02 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E2067CFB24A51B
2012-08-02 03:13 - 2012-08-02 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC22F3B63249298
2012-08-02 03:11 - 2012-08-02 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F59426F21092A259
2012-08-02 03:11 - 2011-12-14 14:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000UA.job
2012-08-02 03:11 - 2011-08-18 14:35 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-02 03:08 - 2012-08-02 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79C72E3A81AB659
2012-08-02 03:05 - 2012-08-02 03:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D09342258975EEDF
2012-08-02 03:02 - 2012-08-02 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8
2012-08-02 02:59 - 2012-08-02 02:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB7481F667A2F54
2012-08-02 02:56 - 2012-08-02 02:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.687214882F642C44
2012-08-02 02:53 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-02 02:50 - 2012-08-02 02:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A389346A41C4B6B
2012-08-02 02:47 - 2012-08-02 02:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E20DEE647728EEB
2012-08-02 02:45 - 2012-08-02 02:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3AF53DD9B06B235
2012-08-02 02:42 - 2012-08-02 02:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.528D5DA1D14332DE
2012-08-02 02:39 - 2012-08-02 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DC33A5A0FBA1369
2012-08-02 02:37 - 2012-08-02 02:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AEEB722910C84175
2012-08-02 02:34 - 2012-08-02 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0C99CD8B6EB29C4
2012-08-02 02:31 - 2012-08-02 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5960297848E68FC5
2012-08-02 02:29 - 2012-08-02 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.39DE16FD8384686D
2012-08-02 02:26 - 2012-08-02 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BAA367B6B64571F1
2012-08-02 02:24 - 2012-08-02 02:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B27628944C12F703
2012-08-02 02:18 - 2012-08-02 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29FC9E61EB1B7C6
2012-08-02 02:15 - 2012-08-02 02:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1D4ED5D66D65413
2012-08-02 02:13 - 2012-08-02 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24DE82605635B81B
2012-08-02 02:10 - 2012-08-02 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E41E037F0AFCCD4A
2012-08-02 02:08 - 2012-08-02 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.122A5E1E54AE5ED2
2012-08-02 02:05 - 2012-08-02 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9742DC30B0311E00
2012-08-02 02:03 - 2012-08-02 02:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7159B463D1C5FE20
2012-08-02 02:00 - 2012-08-02 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A525FB6F6319F7EF
2012-08-02 01:57 - 2012-08-02 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C3E4BA915F702E
2012-08-02 01:54 - 2012-08-02 01:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64EF27F40D682F7
2012-08-02 01:51 - 2012-08-02 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4985E93A8A5F674
2012-08-02 01:49 - 2012-08-02 01:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA1735DDB584FAEB
2012-08-02 01:40 - 2012-08-02 01:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59A2A60A6311803B
2012-08-02 01:38 - 2012-08-02 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A4AC2A8C91DAD65
2012-08-02 01:35 - 2012-08-02 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABD326F42F07624
2012-08-02 01:32 - 2012-08-02 01:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.425385496B36D13E
2012-08-02 01:29 - 2012-08-02 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14523C6E8170B64D
2012-08-02 01:26 - 2012-08-02 01:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D011AA9C2F1DDA6D
2012-08-02 01:23 - 2012-08-02 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE650F1C034B2962
2012-08-02 01:21 - 2012-08-02 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F152D54FEA96A54
2012-08-02 01:18 - 2012-08-02 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EEE1C5962E7C7D18
2012-08-02 01:15 - 2012-08-02 01:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB12AAECC3C0573
2012-08-02 01:13 - 2012-08-02 01:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.732D2908EB80F490
2012-08-02 01:10 - 2012-08-02 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AD311E264369345
2012-08-02 01:07 - 2012-08-02 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7603D803F7FF7E95
2012-08-02 01:04 - 2012-08-02 01:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D0C0BD1DAEDC287
2012-08-02 01:02 - 2012-08-02 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FAA53174069E117
2012-08-02 00:56 - 2012-08-02 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAEA68937437AC0
2012-08-02 00:43 - 2012-08-02 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.164D00AEC9A7F87D
2012-08-02 00:40 - 2012-08-02 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07E46FBBB0F23A63
2012-08-02 00:37 - 2012-08-02 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CFA7F46FE59DF4A
2012-08-02 00:35 - 2012-08-02 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E6064420F94D8E
2012-08-02 00:32 - 2012-08-02 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4557614E7FBCA38F
2012-08-02 00:28 - 2012-08-02 00:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE447090B88B6140
2012-08-02 00:26 - 2012-08-02 00:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9FC033005D9CEB7
2012-08-02 00:23 - 2012-08-02 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C93B32663A461C
2012-08-02 00:20 - 2012-08-02 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB51642D65A6AED
2012-08-02 00:18 - 2012-08-02 00:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E0FC74C1EC0332
2012-08-02 00:15 - 2012-08-02 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CFB6835567BB57F
2012-08-02 00:12 - 2012-08-02 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661AAECD479867FC
2012-08-02 00:09 - 2012-08-02 00:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CA104CB6B20223
2012-08-02 00:06 - 2012-08-02 00:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DD94C9B17A66FAF
2012-08-02 00:04 - 2012-08-02 00:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16686CF02F23027F
2012-08-02 00:03 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-02 00:01 - 2012-08-02 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4167AE9B0C050290
2012-08-01 23:59 - 2012-08-01 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B273584CB58979
2012-08-01 23:55 - 2012-08-01 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614D4E9243E4F92E
2012-08-01 23:52 - 2012-08-01 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3C8733D05F8DD51
2012-08-01 23:49 - 2012-08-01 23:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D00D5357E4AF8B1E
2012-08-01 23:46 - 2012-08-01 23:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59
2012-08-01 23:44 - 2012-08-01 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F84FFDFFC6BCA91
2012-08-01 23:41 - 2012-08-01 23:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.611F6DF78FECF8DF
2012-08-01 23:36 - 2012-08-01 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96
2012-08-01 23:33 - 2012-08-01 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85EA4C9C0FF97D4A
2012-08-01 23:31 - 2012-08-01 23:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3363AA46023FF692
2012-08-01 23:29 - 2012-08-01 23:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA9C0FF669B88EC4
2012-08-01 23:26 - 2012-08-01 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D5FA15A6BD25007
2012-08-01 23:22 - 2012-08-01 23:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCB91B31723180D6
2012-08-01 23:19 - 2012-08-01 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40C90D8BD647F6F
2012-08-01 23:17 - 2012-08-01 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C420B175B33DAD4
2012-08-01 23:15 - 2012-08-01 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADD49242DC72885E
2012-08-01 23:12 - 2012-08-01 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF6AA2BDD1925292
2012-08-01 23:10 - 2012-08-01 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3840E6DC9293A846
2012-08-01 23:07 - 2012-08-01 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5913E98792C7A9D
2012-08-01 22:59 - 2012-08-01 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C506211357A9A94
2012-08-01 22:57 - 2012-08-01 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53A31E5E79F082D9
2012-08-01 22:54 - 2012-08-01 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAF388D99072CD8B
2012-08-01 22:52 - 2012-08-01 22:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A71DFCCD88E0C172
2012-08-01 22:49 - 2012-08-01 22:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B1E9CC6DF25639
2012-08-01 22:47 - 2012-08-01 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.105C604F2EF4E085
2012-08-01 22:44 - 2012-08-01 22:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51A47559531877FB
2012-08-01 22:39 - 2012-08-01 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E667505CDC044B4E
2012-08-01 22:37 - 2012-08-01 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C6A432EE076E48
2012-08-01 22:34 - 2012-08-01 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE186F5347687056
2012-08-01 22:31 - 2012-08-01 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E1AF63FAE598301
2012-08-01 22:28 - 2012-08-01 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10950AD09488E3C9
2012-08-01 22:26 - 2012-08-01 22:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.727CD3E397711FBD
2012-08-01 22:23 - 2012-08-01 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD64AE2A600D9E96
2012-08-01 22:21 - 2012-08-01 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C30F20A5DC977B
2012-08-01 22:16 - 2012-08-01 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.679BFC1BB9030927
2012-08-01 22:13 - 2012-08-01 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0014A19341F446C3
2012-08-01 22:10 - 2012-08-01 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0AC70939866BFB9
2012-08-01 22:07 - 2012-08-01 22:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F70ACD587B17A2D
2012-08-01 22:04 - 2012-08-01 22:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2EA7C9FC2E7156E
2012-08-01 22:01 - 2012-08-01 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DEF15AD666AD9FF
2012-08-01 21:59 - 2012-08-01 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1918A9640383714C
2012-08-01 21:56 - 2012-08-01 21:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5402D42734D03253
2012-08-01 21:54 - 2012-08-01 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B014E7746B69BB5C
2012-08-01 21:51 - 2012-08-01 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94929C660C1FD1D4
2012-08-01 21:48 - 2012-08-01 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EF7704FA9D20E1B
2012-08-01 21:45 - 2012-08-01 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F388D241C2191134
2012-08-01 21:42 - 2012-08-01 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A04D9D20D033A5BB
2012-08-01 21:39 - 2012-08-01 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9C3C0CD22146FAF
2012-08-01 21:37 - 2012-08-01 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03FFBFFA76C511AA
2012-08-01 21:34 - 2012-08-01 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.108C453C32538CE9
2012-08-01 21:31 - 2012-08-01 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AB28B14A4258C2A
2012-08-01 21:27 - 2012-08-01 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD82583D218B144C
2012-08-01 21:25 - 2012-08-01 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47FF61110861FD93
2012-08-01 21:22 - 2012-08-01 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2A4DCCD093442F2
2012-08-01 21:20 - 2012-08-01 21:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1078064C81A54B58
2012-08-01 21:17 - 2012-08-01 21:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79D07146B253AB00
2012-08-01 21:12 - 2012-08-01 21:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A77C38DF3F8DF5B
2012-08-01 21:10 - 2012-08-01 21:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.450418ED28DDD245
2012-08-01 21:07 - 2012-08-01 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A013C9220DD8DFA
2012-08-01 21:02 - 2012-08-01 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06EBF1CC5E0B75D4
2012-08-01 20:59 - 2012-08-01 20:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF7F7AFB4DFA790C
2012-08-01 20:56 - 2012-08-01 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE800A2ABA43F24C
2012-08-01 20:53 - 2012-08-01 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11DA6FD0CE63C16E
2012-08-01 20:50 - 2012-08-01 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DD48C1A7C050B6
2012-08-01 20:48 - 2012-08-01 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C471C03152E1B3
2012-08-01 20:46 - 2012-08-01 20:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3816B138406EF55
2012-08-01 20:43 - 2012-08-01 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A66F14526025BAE
2012-08-01 20:41 - 2012-08-01 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F20BF6937A603056
2012-08-01 20:38 - 2012-08-01 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E91FCF0C3369A279
2012-08-01 20:36 - 2012-08-01 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.806535E31760765E
2012-08-01 20:33 - 2012-08-01 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F559AE5FDEDCB1
2012-08-01 20:31 - 2012-08-01 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE25DCA304633506
2012-08-01 20:27 - 2012-08-01 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C3635234BBE6D9F
2012-08-01 20:25 - 2012-08-01 20:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B4A08F65E6BE9F
2012-08-01 20:22 - 2012-08-01 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27B1D73589D1C2DA
2012-08-01 20:20 - 2012-08-01 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FA2801141B53E39
2012-08-01 20:17 - 2012-08-01 20:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E464B8FC0107FC3E
2012-08-01 20:15 - 2012-08-01 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2E27867A9E999F1
2012-08-01 20:12 - 2012-08-01 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1541ADBDA750577A
2012-08-01 20:10 - 2012-08-01 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0328FC39D608ABF1
2012-08-01 20:06 - 2012-08-01 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90F7EE4EB1D5E02F
2012-08-01 20:04 - 2012-08-01 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EAAA88BFB5308D
2012-08-01 20:01 - 2012-08-01 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14410C837950975D
2012-08-01 19:58 - 2012-08-01 19:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF6CF736CA4EA728
2012-08-01 19:56 - 2012-08-01 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91D5ACB29237EC45
2012-08-01 19:53 - 2012-08-01 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80E41D62A2707FA
2012-08-01 19:49 - 2012-08-01 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D24A5380615DC3E
2012-08-01 19:47 - 2012-08-01 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE376ECF4C875275
2012-08-01 19:44 - 2012-08-01 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E483E6825B6D8295
2012-08-01 19:42 - 2012-08-01 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC3413C7D34B109
2012-08-01 19:39 - 2012-08-01 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B3F557EC4182A8
2012-08-01 19:34 - 2012-08-01 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71868BE536497452
2012-08-01 19:31 - 2012-08-01 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F90B2F01D11BB6B
2012-08-01 19:29 - 2012-08-01 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D8F2C9B40D0859B
2012-08-01 19:25 - 2012-08-01 19:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5955C4F362257FE3
2012-08-01 19:23 - 2012-08-01 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3C8A475B854FDB1
2012-08-01 19:20 - 2012-08-01 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D412545A67F4083C
2012-08-01 19:18 - 2012-08-01 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B050F9C9D882F6A4
2012-08-01 19:15 - 2012-08-01 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.950F767B185E03B4
2012-08-01 19:13 - 2012-08-01 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBD51F87895F6043
2012-08-01 19:11 - 2012-08-01 19:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58B181379F5F7276
2012-08-01 19:08 - 2012-08-01 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF063EE80E2F420F
2012-08-01 19:06 - 2012-08-01 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65136D1FDCB47772
2012-08-01 19:03 - 2012-08-01 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F88A215B0FA4F00
2012-08-01 19:00 - 2012-08-01 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6713F9D40F3D00E7
2012-08-01 18:57 - 2012-08-01 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9ABE2014D9CD438
2012-08-01 18:54 - 2012-08-01 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA
2012-08-01 18:51 - 2012-08-01 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E23300116868299
2012-08-01 18:48 - 2012-08-01 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75969E90459225D8
2012-08-01 18:43 - 2012-08-01 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02CBDDB49335DCA2
2012-08-01 18:40 - 2012-08-01 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.74BE45840965E688
2012-08-01 18:37 - 2012-08-01 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA961D6577E38D4D
2012-08-01 18:35 - 2012-08-01 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC281F03A05862D4
2012-08-01 18:33 - 2012-08-01 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79A32A2AC6FAFA63
2012-08-01 18:27 - 2012-08-01 18:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50CB5C6F78322DAA
2012-08-01 18:12 - 2012-08-01 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5127EF7252E7874
2012-08-01 18:04 - 2012-08-01 18:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.21A3C9D408CD73DF
2012-08-01 18:00 - 2012-08-01 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7018D534506B337
2012-08-01 17:58 - 2012-08-01 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5BF3B8834CF1C5B
2012-08-01 17:55 - 2012-08-01 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37D6430C6EAC5BB1
2012-08-01 17:53 - 2012-08-01 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55
2012-08-01 17:50 - 2012-08-01 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93C3436349025B86
2012-08-01 17:46 - 2012-08-01 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E58B55EAB94D4B2C
2012-08-01 17:40 - 2012-08-01 17:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.150AE20EB6783123
2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD180896CE71B1A8
2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5
2012-08-01 17:32 - 2012-08-01 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A19E180FA658C5E
2012-08-01 17:30 - 2012-08-01 17:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB2220710F868E1
2012-08-01 17:27 - 2012-08-01 17:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B40C9070C1D5A1B8
2012-08-01 17:24 - 2012-08-01 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5F52720A18AE7DF
2012-08-01 17:21 - 2012-08-01 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.442F30237FA9B2A6
2012-08-01 17:19 - 2012-08-01 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493D11F83FEC41B
2012-08-01 17:17 - 2012-08-01 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.053E351A1D7ED66B
2012-08-01 17:14 - 2012-08-01 17:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB147E03CD9A0CE5
2012-08-01 17:12 - 2012-08-01 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D06977DCFB03A80
2012-08-01 17:09 - 2012-08-01 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9295F5C6D3BFF747
2012-08-01 17:06 - 2012-08-01 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.699976F3B025FF87
2012-08-01 17:03 - 2012-08-01 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB1FF8864FCA4FB
2012-08-01 17:01 - 2012-08-01 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A91062709B51957
2012-08-01 16:58 - 2012-08-01 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E574C91D2D1B280
2012-08-01 16:56 - 2012-08-01 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC68A6D4EA4DEA52
2012-08-01 16:53 - 2012-08-01 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D294661BC47DB210
2012-08-01 16:51 - 2012-08-01 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40702460CA71393
2012-08-01 16:48 - 2012-08-01 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFCDBE48BBB7B76C
2012-08-01 16:45 - 2012-08-01 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC
2012-08-01 16:43 - 2012-08-01 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.710532FA6C59B690
2012-08-01 16:40 - 2012-08-01 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2523BAC499D736D8
2012-08-01 16:38 - 2012-08-01 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B4FDC7848D366C
2012-08-01 16:36 - 2012-08-01 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E05B434EBC7028D
2012-08-01 16:32 - 2012-08-01 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D575F5BF31BB199
2012-08-01 16:30 - 2012-08-01 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FC519C414B4F91E
2012-08-01 16:27 - 2012-08-01 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E98BA10EB0E3F2
2012-08-01 16:25 - 2012-08-01 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42506981F5494B6E
2012-08-01 16:23 - 2012-08-01 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA855CD8F3B9469E
2012-08-01 16:20 - 2012-08-01 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD1925FE6EF3598
2012-08-01 16:18 - 2012-08-01 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A50A6317CBE52344
2012-08-01 16:15 - 2012-08-01 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC86F47F95977A6B
2012-08-01 16:12 - 2012-08-01 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0
2012-08-01 16:09 - 2012-08-01 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCB301ED906D814B
2012-08-01 16:06 - 2012-08-01 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A2379ADDBD9ACB
2012-08-01 16:03 - 2012-08-01 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A5F496D65971FFF
2012-08-01 15:58 - 2012-08-01 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B514B7AD16A63B
2012-08-01 15:54 - 2012-08-01 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF0EC05AB416631C
2012-08-01 15:54 - 2009-07-13 21:13 - 00861442 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-01 15:46 - 2012-08-01 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.082EBDEC28EF8027
2012-08-01 15:43 - 2012-08-01 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7539C71E6A14CDC3
2012-08-01 15:40 - 2012-08-01 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90B2E54951ADEE0B
2012-08-01 15:38 - 2011-08-11 14:23 - 00019176 ____A C:\Windows\PFRO.log
2012-08-01 15:36 - 2012-08-01 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6442CB581DB35A
2012-08-01 15:28 - 2011-08-12 07:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-01 15:28 - 2011-08-11 14:14 - 00875592 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-01 15:28 - 2011-08-11 10:19 - 01555915 ____A C:\Windows\WindowsUpdate.log
2012-08-01 15:19 - 2012-08-01 15:19 - 12621696 ____A (Microsoft Corporation) C:\Users\MattK\Downloads\mseinstall.exe
2012-08-01 09:11 - 2011-12-14 14:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000Core.job
2012-07-29 11:24 - 2012-03-31 06:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-29 11:24 - 2011-08-18 08:29 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-16 04:33 - 2012-07-16 04:33 - 00001358 ____A C:\Users\MattK\Desktop\Norton Installation Files.lnk
2012-07-13 10:57 - 2012-01-01 16:06 - 00001036 ____A C:\Users\Public\Desktop\Zappiti.exe.lnk
2012-07-13 10:55 - 2012-07-13 10:54 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0 (1).exe
2012-07-11 15:08 - 2011-12-14 14:52 - 00002401 ____A C:\Users\MattK\Desktop\Google Chrome.lnk
2012-07-09 13:12 - 2012-07-09 13:03 - 09465770 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.27.0.exe
2012-06-27 09:54 - 2012-01-08 01:00 - 00008744 ____A C:\Windows\System32\lvcoinst.log
2012-06-27 08:58 - 2012-06-27 08:53 - 09465068 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.25.0.exe
2012-06-21 07:36 - 2009-07-13 20:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-21 07:36 - 2009-07-13 20:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-19 14:12 - 2012-06-19 14:12 - 00002204 ____A C:\Users\MattK\Documents\iphone contacts.csv
2012-06-15 07:37 - 2012-06-10 16:05 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-06-14 14:53 - 2012-06-14 14:53 - 00517329 ____A C:\Users\MattK\Winstons X-Ray for 1.2.4.zip
2012-06-14 08:14 - 2012-06-14 08:14 - 00278561 ____A C:\Users\MattK\Downloads\Minecraft (1).exe
2012-06-13 09:46 - 2012-06-13 09:46 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 00:36 - 2009-07-13 20:45 - 05033592 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 00:10 - 2011-08-11 10:45 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-10 16:09 - 2011-08-12 07:26 - 00109216 ____A C:\Users\MattK\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-02 14:19 - 2012-06-08 16:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 16:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 16:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 16:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 16:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 16:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 16:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-08 16:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-08 16:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 05:04 - 2012-06-02 05:04 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-31 07:02 - 2012-05-31 06:57 - 09447598 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.14.0 (1).exe
2012-05-31 06:52 - 2012-05-31 06:41 - 09447598 ____A (HDLand) C:\Users\MattK\Downloads\Zappiti-v2.4.14.0.exe
2012-05-17 18:47 - 2012-06-13 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 00:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 00:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 00:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 00:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 00:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 00:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 00:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-12 14:04 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 10:22 - 2011-12-26 06:51 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-11 14:25 - 2012-05-11 14:25 - 00274640 ____A C:\Windows\Minidump\051112-21450-01.dmp
2012-05-11 14:25 - 2011-08-19 08:04 - 408236282 ____A C:\Windows\MEMORY.DMP
ZeroAccess:
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\@
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\L
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\n
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\U
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\U\00000001.@
ZeroAccess:
C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\@
C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\L
C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 3455.43 MB
Available physical RAM: 2878.31 MB
Total Pagefile: 3453.58 MB
Available Pagefile: 2880.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:148.95 GB) (Free:74.96 GB) NTFS
3 Drive f: () (Removable) (Total:0.5 GB) (Free:0.05 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 507 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 148 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 507 MB 64 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 507 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-06-17 21:29
======================= End Of Log ==========================

Mattk11 · Aug 3, 2012

Mattk11 · Aug 3, 2012

Broni · Aug 3, 2012

You posted FRST log twice.

I still need you to....

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

Mattk11 · Aug 4, 2012

Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-04 10:00:08
Running from D:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-02 02:53] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

Broni · Aug 4, 2012

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Mattk11 · Aug 4, 2012

SubSystems: [Windows] ==> ZeroAccess
C:\Windows\System32\consrv.dll
HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [] [x]
2012-08-03 06:25 - 2012-08-03 06:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAEACAAFE787C68F
2012-08-03 06:25 - 2012-08-03 06:25 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sxflhouo.sys
2012-08-03 06:22 - 2012-08-03 06:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E4F39965E21C7F6
2012-08-03 06:18 - 2012-08-03 06:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9111BA2FA11C53DA
2012-08-03 06:12 - 2012-08-03 06:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E3988DAD57C33C2
2012-08-03 05:54 - 2012-08-03 05:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83D86AA65D2882DA
2012-08-02 04:05 - 2012-08-02 04:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7AFBF99538297A81
2012-08-02 03:44 - 2012-08-02 03:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B03314A53CAC5343
2012-08-02 03:41 - 2012-08-02 03:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB9502B747DD947F
2012-08-02 03:38 - 2012-08-02 03:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.283098B65BFCCD7F
2012-08-02 03:34 - 2012-08-02 03:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE19A90C14592CB
2012-08-02 03:32 - 2012-08-02 03:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33EF03CA7700BD56
2012-08-02 03:29 - 2012-08-02 03:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AA9E80FB5FA9C79
2012-08-02 03:27 - 2012-08-02 03:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A37297B7AFB3740
2012-08-02 03:24 - 2012-08-02 03:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.321B547DF6B81C41
2012-08-02 03:21 - 2012-08-02 03:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.52D1F4A13FB07749
2012-08-02 03:18 - 2012-08-02 03:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE732EBEDF684671
2012-08-02 03:16 - 2012-08-02 03:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E2067CFB24A51B
2012-08-02 03:13 - 2012-08-02 03:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC22F3B63249298
2012-08-02 03:11 - 2012-08-02 03:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F59426F21092A259
2012-08-02 03:08 - 2012-08-02 03:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D79C72E3A81AB659
2012-08-02 03:05 - 2012-08-02 03:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D09342258975EEDF
2012-08-02 03:02 - 2012-08-02 03:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8
2012-08-02 02:59 - 2012-08-02 02:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB7481F667A2F54
2012-08-02 02:56 - 2012-08-02 02:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.687214882F642C44
2012-08-02 02:50 - 2012-08-02 02:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0A389346A41C4B6B
2012-08-02 02:47 - 2012-08-02 02:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8E20DEE647728EEB
2012-08-02 02:45 - 2012-08-02 02:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3AF53DD9B06B235
2012-08-02 02:42 - 2012-08-02 02:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.528D5DA1D14332DE
2012-08-02 02:39 - 2012-08-02 02:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9DC33A5A0FBA1369
2012-08-02 02:37 - 2012-08-02 02:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AEEB722910C84175
2012-08-02 02:34 - 2012-08-02 02:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0C99CD8B6EB29C4
2012-08-02 02:31 - 2012-08-02 02:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5960297848E68FC5
2012-08-02 02:29 - 2012-08-02 02:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.39DE16FD8384686D
2012-08-02 02:26 - 2012-08-02 02:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BAA367B6B64571F1
2012-08-02 02:24 - 2012-08-02 02:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B27628944C12F703
2012-08-02 02:18 - 2012-08-02 02:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D29FC9E61EB1B7C6
2012-08-02 02:15 - 2012-08-02 02:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1D4ED5D66D65413
2012-08-02 02:13 - 2012-08-02 02:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24DE82605635B81B
2012-08-02 02:10 - 2012-08-02 02:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E41E037F0AFCCD4A
2012-08-02 02:08 - 2012-08-02 02:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.122A5E1E54AE5ED2
2012-08-02 02:05 - 2012-08-02 02:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9742DC30B0311E00
2012-08-02 02:03 - 2012-08-02 02:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7159B463D1C5FE20
2012-08-02 02:00 - 2012-08-02 02:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A525FB6F6319F7EF
2012-08-02 01:57 - 2012-08-02 01:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96C3E4BA915F702E
2012-08-02 01:54 - 2012-08-02 01:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D64EF27F40D682F7
2012-08-02 01:51 - 2012-08-02 01:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C4985E93A8A5F674
2012-08-02 01:49 - 2012-08-02 01:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA1735DDB584FAEB
2012-08-02 01:40 - 2012-08-02 01:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.59A2A60A6311803B
2012-08-02 01:38 - 2012-08-02 01:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A4AC2A8C91DAD65
2012-08-02 01:35 - 2012-08-02 01:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BABD326F42F07624
2012-08-02 01:32 - 2012-08-02 01:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.425385496B36D13E
2012-08-02 01:29 - 2012-08-02 01:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14523C6E8170B64D
2012-08-02 01:26 - 2012-08-02 01:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D011AA9C2F1DDA6D
2012-08-02 01:23 - 2012-08-02 01:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE650F1C034B2962
2012-08-02 01:21 - 2012-08-02 01:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F152D54FEA96A54
2012-08-02 01:18 - 2012-08-02 01:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EEE1C5962E7C7D18
2012-08-02 01:15 - 2012-08-02 01:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB12AAECC3C0573
2012-08-02 01:13 - 2012-08-02 01:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.732D2908EB80F490
2012-08-02 01:10 - 2012-08-02 01:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AD311E264369345
2012-08-02 01:07 - 2012-08-02 01:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7603D803F7FF7E95
2012-08-02 01:04 - 2012-08-02 01:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3D0C0BD1DAEDC287
2012-08-02 01:02 - 2012-08-02 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FAA53174069E117
2012-08-02 00:56 - 2012-08-02 00:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CAAEA68937437AC0
2012-08-02 00:43 - 2012-08-02 00:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.164D00AEC9A7F87D
2012-08-02 00:40 - 2012-08-02 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07E46FBBB0F23A63
2012-08-02 00:37 - 2012-08-02 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CFA7F46FE59DF4A
2012-08-02 00:35 - 2012-08-02 00:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34E6064420F94D8E
2012-08-02 00:32 - 2012-08-02 00:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4557614E7FBCA38F
2012-08-02 00:28 - 2012-08-02 00:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE447090B88B6140
2012-08-02 00:26 - 2012-08-02 00:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9FC033005D9CEB7
2012-08-02 00:23 - 2012-08-02 00:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.78C93B32663A461C
2012-08-02 00:20 - 2012-08-02 00:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5FB51642D65A6AED
2012-08-02 00:18 - 2012-08-02 00:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16E0FC74C1EC0332
2012-08-02 00:15 - 2012-08-02 00:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CFB6835567BB57F
2012-08-02 00:12 - 2012-08-02 00:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.661AAECD479867FC
2012-08-02 00:09 - 2012-08-02 00:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.92CA104CB6B20223
2012-08-02 00:06 - 2012-08-02 00:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DD94C9B17A66FAF
2012-08-02 00:04 - 2012-08-02 00:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.16686CF02F23027F
2012-08-02 00:01 - 2012-08-02 00:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4167AE9B0C050290
2012-08-01 23:59 - 2012-08-01 23:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B273584CB58979
2012-08-01 23:55 - 2012-08-01 23:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.614D4E9243E4F92E
2012-08-01 23:52 - 2012-08-01 23:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3C8733D05F8DD51
2012-08-01 23:49 - 2012-08-01 23:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D00D5357E4AF8B1E
2012-08-01 23:46 - 2012-08-01 23:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59
2012-08-01 23:44 - 2012-08-01 23:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F84FFDFFC6BCA91
2012-08-01 23:41 - 2012-08-01 23:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.611F6DF78FECF8DF
2012-08-01 23:36 - 2012-08-01 23:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96
2012-08-01 23:33 - 2012-08-01 23:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.85EA4C9C0FF97D4A
2012-08-01 23:31 - 2012-08-01 23:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3363AA46023FF692
2012-08-01 23:29 - 2012-08-01 23:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA9C0FF669B88EC4
2012-08-01 23:26 - 2012-08-01 23:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D5FA15A6BD25007
2012-08-01 23:22 - 2012-08-01 23:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCB91B31723180D6
2012-08-01 23:19 - 2012-08-01 23:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40C90D8BD647F6F
2012-08-01 23:17 - 2012-08-01 23:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1C420B175B33DAD4
2012-08-01 23:15 - 2012-08-01 23:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADD49242DC72885E
2012-08-01 23:12 - 2012-08-01 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AF6AA2BDD1925292
2012-08-01 23:10 - 2012-08-01 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3840E6DC9293A846
2012-08-01 23:07 - 2012-08-01 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5913E98792C7A9D
2012-08-01 22:59 - 2012-08-01 22:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C506211357A9A94
2012-08-01 22:57 - 2012-08-01 22:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.53A31E5E79F082D9
2012-08-01 22:54 - 2012-08-01 22:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FAF388D99072CD8B
2012-08-01 22:52 - 2012-08-01 22:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A71DFCCD88E0C172
2012-08-01 22:49 - 2012-08-01 22:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5B1E9CC6DF25639
2012-08-01 22:47 - 2012-08-01 22:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.105C604F2EF4E085
2012-08-01 22:44 - 2012-08-01 22:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51A47559531877FB
2012-08-01 22:39 - 2012-08-01 22:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E667505CDC044B4E
2012-08-01 22:37 - 2012-08-01 22:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C6A432EE076E48
2012-08-01 22:34 - 2012-08-01 22:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE186F5347687056
2012-08-01 22:31 - 2012-08-01 22:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E1AF63FAE598301
2012-08-01 22:28 - 2012-08-01 22:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.10950AD09488E3C9
2012-08-01 22:26 - 2012-08-01 22:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.727CD3E397711FBD
2012-08-01 22:23 - 2012-08-01 22:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FD64AE2A600D9E96
2012-08-01 22:21 - 2012-08-01 22:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.61C30F20A5DC977B
2012-08-01 22:16 - 2012-08-01 22:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.679BFC1BB9030927
2012-08-01 22:13 - 2012-08-01 22:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0014A19341F446C3
2012-08-01 22:10 - 2012-08-01 22:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0AC70939866BFB9
2012-08-01 22:07 - 2012-08-01 22:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4F70ACD587B17A2D
2012-08-01 22:04 - 2012-08-01 22:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2EA7C9FC2E7156E
2012-08-01 22:01 - 2012-08-01 22:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4DEF15AD666AD9FF
2012-08-01 21:59 - 2012-08-01 21:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1918A9640383714C
2012-08-01 21:56 - 2012-08-01 21:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5402D42734D03253
2012-08-01 21:54 - 2012-08-01 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B014E7746B69BB5C
2012-08-01 21:51 - 2012-08-01 21:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94929C660C1FD1D4
2012-08-01 21:48 - 2012-08-01 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9EF7704FA9D20E1B
2012-08-01 21:45 - 2012-08-01 21:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F388D241C2191134
2012-08-01 21:42 - 2012-08-01 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A04D9D20D033A5BB
2012-08-01 21:39 - 2012-08-01 21:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9C3C0CD22146FAF
2012-08-01 21:37 - 2012-08-01 21:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03FFBFFA76C511AA
2012-08-01 21:34 - 2012-08-01 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.108C453C32538CE9
2012-08-01 21:31 - 2012-08-01 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8AB28B14A4258C2A
2012-08-01 21:27 - 2012-08-01 21:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD82583D218B144C
2012-08-01 21:25 - 2012-08-01 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47FF61110861FD93
2012-08-01 21:22 - 2012-08-01 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2A4DCCD093442F2
2012-08-01 21:20 - 2012-08-01 21:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1078064C81A54B58
2012-08-01 21:17 - 2012-08-01 21:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79D07146B253AB00
2012-08-01 21:12 - 2012-08-01 21:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A77C38DF3F8DF5B
2012-08-01 21:10 - 2012-08-01 21:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.450418ED28DDD245
2012-08-01 21:07 - 2012-08-01 21:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A013C9220DD8DFA
2012-08-01 21:02 - 2012-08-01 21:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06EBF1CC5E0B75D4
2012-08-01 20:59 - 2012-08-01 20:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF7F7AFB4DFA790C
2012-08-01 20:56 - 2012-08-01 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE800A2ABA43F24C
2012-08-01 20:53 - 2012-08-01 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11DA6FD0CE63C16E
2012-08-01 20:50 - 2012-08-01 20:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.26DD48C1A7C050B6
2012-08-01 20:48 - 2012-08-01 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28C471C03152E1B3
2012-08-01 20:46 - 2012-08-01 20:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E3816B138406EF55
2012-08-01 20:43 - 2012-08-01 20:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2A66F14526025BAE
2012-08-01 20:41 - 2012-08-01 20:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F20BF6937A603056
2012-08-01 20:38 - 2012-08-01 20:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E91FCF0C3369A279
2012-08-01 20:36 - 2012-08-01 20:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.806535E31760765E
2012-08-01 20:33 - 2012-08-01 20:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.49F559AE5FDEDCB1
2012-08-01 20:31 - 2012-08-01 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE25DCA304633506
2012-08-01 20:27 - 2012-08-01 20:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C3635234BBE6D9F
2012-08-01 20:25 - 2012-08-01 20:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.03B4A08F65E6BE9F
2012-08-01 20:22 - 2012-08-01 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27B1D73589D1C2DA
2012-08-01 20:20 - 2012-08-01 20:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2FA2801141B53E39
2012-08-01 20:17 - 2012-08-01 20:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E464B8FC0107FC3E
2012-08-01 20:15 - 2012-08-01 20:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E2E27867A9E999F1
2012-08-01 20:12 - 2012-08-01 20:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1541ADBDA750577A
2012-08-01 20:10 - 2012-08-01 20:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0328FC39D608ABF1
2012-08-01 20:06 - 2012-08-01 20:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90F7EE4EB1D5E02F
2012-08-01 20:04 - 2012-08-01 20:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4EAAA88BFB5308D
2012-08-01 20:01 - 2012-08-01 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14410C837950975D
2012-08-01 19:58 - 2012-08-01 19:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF6CF736CA4EA728
2012-08-01 19:56 - 2012-08-01 19:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.91D5ACB29237EC45
2012-08-01 19:53 - 2012-08-01 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B80E41D62A2707FA
2012-08-01 19:49 - 2012-08-01 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D24A5380615DC3E
2012-08-01 19:47 - 2012-08-01 19:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE376ECF4C875275
2012-08-01 19:44 - 2012-08-01 19:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E483E6825B6D8295
2012-08-01 19:42 - 2012-08-01 19:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5BC3413C7D34B109
2012-08-01 19:39 - 2012-08-01 19:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B3F557EC4182A8
2012-08-01 19:34 - 2012-08-01 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.71868BE536497452
2012-08-01 19:31 - 2012-08-01 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F90B2F01D11BB6B
2012-08-01 19:29 - 2012-08-01 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2D8F2C9B40D0859B
2012-08-01 19:25 - 2012-08-01 19:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5955C4F362257FE3
2012-08-01 19:23 - 2012-08-01 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3C8A475B854FDB1
2012-08-01 19:20 - 2012-08-01 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D412545A67F4083C
2012-08-01 19:18 - 2012-08-01 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B050F9C9D882F6A4
2012-08-01 19:15 - 2012-08-01 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.950F767B185E03B4
2012-08-01 19:13 - 2012-08-01 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBD51F87895F6043
2012-08-01 19:11 - 2012-08-01 19:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58B181379F5F7276
2012-08-01 19:08 - 2012-08-01 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF063EE80E2F420F
2012-08-01 19:06 - 2012-08-01 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.65136D1FDCB47772
2012-08-01 19:03 - 2012-08-01 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F88A215B0FA4F00
2012-08-01 19:00 - 2012-08-01 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6713F9D40F3D00E7
2012-08-01 18:57 - 2012-08-01 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B9ABE2014D9CD438
2012-08-01 18:54 - 2012-08-01 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA
2012-08-01 18:51 - 2012-08-01 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E23300116868299
2012-08-01 18:48 - 2012-08-01 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75969E90459225D8
2012-08-01 18:43 - 2012-08-01 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02CBDDB49335DCA2
2012-08-01 18:40 - 2012-08-01 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.74BE45840965E688
2012-08-01 18:37 - 2012-08-01 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA961D6577E38D4D
2012-08-01 18:35 - 2012-08-01 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EC281F03A05862D4
2012-08-01 18:33 - 2012-08-01 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79A32A2AC6FAFA63
2012-08-01 18:27 - 2012-08-01 18:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50CB5C6F78322DAA
2012-08-01 18:12 - 2012-08-01 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5127EF7252E7874
2012-08-01 18:04 - 2012-08-01 18:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.21A3C9D408CD73DF
2012-08-01 18:00 - 2012-08-01 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7018D534506B337
2012-08-01 17:58 - 2012-08-01 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5BF3B8834CF1C5B
2012-08-01 17:55 - 2012-08-01 17:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.37D6430C6EAC5BB1
2012-08-01 17:53 - 2012-08-01 17:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55
2012-08-01 17:50 - 2012-08-01 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.93C3436349025B86
2012-08-01 17:46 - 2012-08-01 17:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E58B55EAB94D4B2C
2012-08-01 17:40 - 2012-08-01 17:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.150AE20EB6783123
2012-08-01 17:38 - 2012-08-01 17:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD180896CE71B1A8
2012-08-01 17:35 - 2012-08-01 17:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5
2012-08-01 17:32 - 2012-08-01 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A19E180FA658C5E
2012-08-01 17:30 - 2012-08-01 17:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DB2220710F868E1
2012-08-01 17:27 - 2012-08-01 17:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B40C9070C1D5A1B8
2012-08-01 17:24 - 2012-08-01 17:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5F52720A18AE7DF
2012-08-01 17:21 - 2012-08-01 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.442F30237FA9B2A6
2012-08-01 17:19 - 2012-08-01 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4493D11F83FEC41B
2012-08-01 17:17 - 2012-08-01 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.053E351A1D7ED66B
2012-08-01 17:14 - 2012-08-01 17:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FB147E03CD9A0CE5
2012-08-01 17:12 - 2012-08-01 17:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D06977DCFB03A80
2012-08-01 17:09 - 2012-08-01 17:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9295F5C6D3BFF747
2012-08-01 17:06 - 2012-08-01 17:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.699976F3B025FF87
2012-08-01 17:03 - 2012-08-01 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2BB1FF8864FCA4FB
2012-08-01 17:01 - 2012-08-01 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A91062709B51957
2012-08-01 16:58 - 2012-08-01 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7E574C91D2D1B280
2012-08-01 16:56 - 2012-08-01 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC68A6D4EA4DEA52
2012-08-01 16:53 - 2012-08-01 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D294661BC47DB210
2012-08-01 16:51 - 2012-08-01 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C40702460CA71393
2012-08-01 16:48 - 2012-08-01 16:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BFCDBE48BBB7B76C
2012-08-01 16:45 - 2012-08-01 16:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC
2012-08-01 16:43 - 2012-08-01 16:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.710532FA6C59B690
2012-08-01 16:40 - 2012-08-01 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2523BAC499D736D8
2012-08-01 16:38 - 2012-08-01 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B4FDC7848D366C
2012-08-01 16:36 - 2012-08-01 16:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E05B434EBC7028D
2012-08-01 16:32 - 2012-08-01 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D575F5BF31BB199
2012-08-01 16:30 - 2012-08-01 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FC519C414B4F91E
2012-08-01 16:27 - 2012-08-01 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.48E98BA10EB0E3F2
2012-08-01 16:25 - 2012-08-01 16:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42506981F5494B6E
2012-08-01 16:23 - 2012-08-01 16:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA855CD8F3B9469E
2012-08-01 16:20 - 2012-08-01 16:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBD1925FE6EF3598
2012-08-01 16:18 - 2012-08-01 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A50A6317CBE52344
2012-08-01 16:15 - 2012-08-01 16:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC86F47F95977A6B
2012-08-01 16:12 - 2012-08-01 16:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0
2012-08-01 16:09 - 2012-08-01 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FCB301ED906D814B
2012-08-01 16:06 - 2012-08-01 16:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.24A2379ADDBD9ACB
2012-08-01 16:03 - 2012-08-01 16:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A5F496D65971FFF
2012-08-01 15:58 - 2012-08-01 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6B514B7AD16A63B
2012-08-01 15:54 - 2012-08-01 15:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DF0EC05AB416631C
2012-08-01 15:46 - 2012-08-01 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.082EBDEC28EF8027
2012-08-01 15:43 - 2012-08-01 15:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7539C71E6A14CDC3
2012-08-01 15:40 - 2012-08-01 15:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.90B2E54951ADEE0B
2012-08-01 15:36 - 2012-08-01 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6442CB581DB35A
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

Mattk11 · Aug 4, 2012

ComboFix 12-08-04.02 - MattK 08/04/2012 14:30:10.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3455.2178 [GMT -5:00]
Running from: c:\users\MattK\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{176E9F61-63DF-4D34-90E6-E3332633B2C5}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1908DC03-A80D-49BC-A49F-A75CBE1EA580}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3BF7FD25-BB84-4AB5-95B4-ECDF4015E34B}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{50832FCC-9DD0-4300-8AA5-3DDE71B0CE20}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5F07905C-6639-40A4-BE8C-C58AF9481DD2}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D10B957-D0C5-4E7C-9561-B2F12C0393F1}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82C87DDB-6635-4F9A-BA44-0CAF7A4442CE}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B23C3A48-A561-42A4-B83A-E9D9E41A6E42}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B7A5F551-A6F4-4E28-A835-4D2C79F9B696}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C3BE4FA7-6596-46EB-B06C-D218CB4005C9}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C7EF9CC1-91FF-477A-B81F-5796A5E51DE8}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBC8E54E-2D4D-4DA2-960B-DF412A348E4B}.xps
c:\users\MattK\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE43CFE7-F5FB-4DA1-B0C7-BB685D2C4C63}.xps
c:\windows\sqliteodbc2010.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-03 17:39 . 2012-08-03 17:39 -------- d-----w- C:\FRST
2012-08-01 23:29 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BABE5B67-506C-466A-AB47-5E1AF051BE30}\gapaengine.dll
2012-08-01 23:29 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F80888A-AA2B-40C9-8636-2F8877AA2061}\mpengine.dll
2012-08-01 23:28 . 2012-08-01 23:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-01 23:28 . 2012-08-01 23:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-13 18:57 . 2012-07-13 18:57 -------- d-----w- c:\program files (x86)\HDLand
2012-07-09 21:49 . 2012-07-09 21:49 -------- d-----w- c:\users\MattK\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 19:19 . 2012-03-31 14:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 19:19 . 2011-08-18 16:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 08:10 . 2011-08-11 18:45 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-09 00:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 00:31 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 00:31 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 00:31 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 00:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 00:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 00:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 00:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-09 00:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 02:47 . 2012-06-13 08:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-13 08:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-13 08:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-13 08:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-13 08:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-13 08:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-13 08:01 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-13 08:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-13 08:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-13 08:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-13 08:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-13 08:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-13 08:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-13 08:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-13 08:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-13 08:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-13 08:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 08:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 08:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-12 22:04 3146752 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-18 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417904]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 136176]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2011-09-30 105672]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-11 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe [2010-11-20 65536]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys [2010-11-20 246272]
S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2010-11-20 104960]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCir64.sys [2007-04-25 37760]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:19]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 22:35]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 22:35]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000Core.job
- c:\users\MattK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 07:51]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000UA.job
- c:\users\MattK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-14 07:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 120320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
TCP: DhcpNameServer = 10.0.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-04 15:02:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 20:02
.
Pre-Run: 80,513,949,696 bytes free
Post-Run: 80,951,267,328 bytes free
.
- - End Of File - - 00B275B7BEA89C8FF005F6FE477D8406

Broni · Aug 4, 2012

In your reply #12 you just posted my script instead of posting a log from FRST fix (Fixlog.txt).
Please post required log.

Mattk11 · Aug 4, 2012

Sorry.......

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-04 13:58:57 Run:1
Running from D:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\System32\services.exe.CAEACAAFE787C68F moved successfully.
C:\Windows\System32\Drivers\sxflhouo.sys moved successfully.
C:\Windows\System32\services.exe.7E4F39965E21C7F6 moved successfully.
C:\Windows\System32\services.exe.9111BA2FA11C53DA moved successfully.
C:\Windows\System32\services.exe.7E3988DAD57C33C2 moved successfully.
C:\Windows\System32\services.exe.83D86AA65D2882DA moved successfully.
C:\Windows\System32\services.exe.7AFBF99538297A81 moved successfully.
C:\Windows\System32\services.exe.B03314A53CAC5343 moved successfully.
C:\Windows\System32\services.exe.FB9502B747DD947F moved successfully.
C:\Windows\System32\services.exe.283098B65BFCCD7F moved successfully.
C:\Windows\System32\services.exe.5DE19A90C14592CB moved successfully.
C:\Windows\System32\services.exe.33EF03CA7700BD56 moved successfully.
C:\Windows\System32\services.exe.9AA9E80FB5FA9C79 moved successfully.
C:\Windows\System32\services.exe.3A37297B7AFB3740 moved successfully.
C:\Windows\System32\services.exe.321B547DF6B81C41 moved successfully.
C:\Windows\System32\services.exe.52D1F4A13FB07749 moved successfully.
C:\Windows\System32\services.exe.CE732EBEDF684671 moved successfully.
C:\Windows\System32\services.exe.A9E2067CFB24A51B moved successfully.
C:\Windows\System32\services.exe.5BC22F3B63249298 moved successfully.
C:\Windows\System32\services.exe.F59426F21092A259 moved successfully.
C:\Windows\System32\services.exe.D79C72E3A81AB659 moved successfully.
C:\Windows\System32\services.exe.D09342258975EEDF moved successfully.
C:\Windows\System32\services.exe.6B3BA0D3DBD2FCD8 moved successfully.
C:\Windows\System32\services.exe.5FB7481F667A2F54 moved successfully.
C:\Windows\System32\services.exe.687214882F642C44 moved successfully.
C:\Windows\System32\services.exe.0A389346A41C4B6B moved successfully.
C:\Windows\System32\services.exe.8E20DEE647728EEB moved successfully.
C:\Windows\System32\services.exe.E3AF53DD9B06B235 moved successfully.
C:\Windows\System32\services.exe.528D5DA1D14332DE moved successfully.
C:\Windows\System32\services.exe.9DC33A5A0FBA1369 moved successfully.
C:\Windows\System32\services.exe.AEEB722910C84175 moved successfully.
C:\Windows\System32\services.exe.B0C99CD8B6EB29C4 moved successfully.
C:\Windows\System32\services.exe.5960297848E68FC5 moved successfully.
C:\Windows\System32\services.exe.39DE16FD8384686D moved successfully.
C:\Windows\System32\services.exe.BAA367B6B64571F1 moved successfully.
C:\Windows\System32\services.exe.B27628944C12F703 moved successfully.
C:\Windows\System32\services.exe.D29FC9E61EB1B7C6 moved successfully.
C:\Windows\System32\services.exe.C1D4ED5D66D65413 moved successfully.
C:\Windows\System32\services.exe.24DE82605635B81B moved successfully.
C:\Windows\System32\services.exe.E41E037F0AFCCD4A moved successfully.
C:\Windows\System32\services.exe.122A5E1E54AE5ED2 moved successfully.
C:\Windows\System32\services.exe.9742DC30B0311E00 moved successfully.
C:\Windows\System32\services.exe.7159B463D1C5FE20 moved successfully.
C:\Windows\System32\services.exe.A525FB6F6319F7EF moved successfully.
C:\Windows\System32\services.exe.96C3E4BA915F702E moved successfully.
C:\Windows\System32\services.exe.D64EF27F40D682F7 moved successfully.
C:\Windows\System32\services.exe.C4985E93A8A5F674 moved successfully.
C:\Windows\System32\services.exe.DA1735DDB584FAEB moved successfully.
C:\Windows\System32\services.exe.59A2A60A6311803B moved successfully.
C:\Windows\System32\services.exe.9A4AC2A8C91DAD65 moved successfully.
C:\Windows\System32\services.exe.BABD326F42F07624 moved successfully.
C:\Windows\System32\services.exe.425385496B36D13E moved successfully.
C:\Windows\System32\services.exe.14523C6E8170B64D moved successfully.
C:\Windows\System32\services.exe.D011AA9C2F1DDA6D moved successfully.
C:\Windows\System32\services.exe.EE650F1C034B2962 moved successfully.
C:\Windows\System32\services.exe.9F152D54FEA96A54 moved successfully.
C:\Windows\System32\services.exe.EEE1C5962E7C7D18 moved successfully.
C:\Windows\System32\services.exe.2BB12AAECC3C0573 moved successfully.
C:\Windows\System32\services.exe.732D2908EB80F490 moved successfully.
C:\Windows\System32\services.exe.8AD311E264369345 moved successfully.
C:\Windows\System32\services.exe.7603D803F7FF7E95 moved successfully.
C:\Windows\System32\services.exe.3D0C0BD1DAEDC287 moved successfully.
C:\Windows\System32\services.exe.7FAA53174069E117 moved successfully.
C:\Windows\System32\services.exe.CAAEA68937437AC0 moved successfully.
C:\Windows\System32\services.exe.164D00AEC9A7F87D moved successfully.
C:\Windows\System32\services.exe.07E46FBBB0F23A63 moved successfully.
C:\Windows\System32\services.exe.3CFA7F46FE59DF4A moved successfully.
C:\Windows\System32\services.exe.34E6064420F94D8E moved successfully.
C:\Windows\System32\services.exe.4557614E7FBCA38F moved successfully.
C:\Windows\System32\services.exe.DE447090B88B6140 moved successfully.
C:\Windows\System32\services.exe.E9FC033005D9CEB7 moved successfully.
C:\Windows\System32\services.exe.78C93B32663A461C moved successfully.
C:\Windows\System32\services.exe.5FB51642D65A6AED moved successfully.
C:\Windows\System32\services.exe.16E0FC74C1EC0332 moved successfully.
C:\Windows\System32\services.exe.8CFB6835567BB57F moved successfully.
C:\Windows\System32\services.exe.661AAECD479867FC moved successfully.
C:\Windows\System32\services.exe.92CA104CB6B20223 moved successfully.
C:\Windows\System32\services.exe.4DD94C9B17A66FAF moved successfully.
C:\Windows\System32\services.exe.16686CF02F23027F moved successfully.
C:\Windows\System32\services.exe.4167AE9B0C050290 moved successfully.
C:\Windows\System32\services.exe.03B273584CB58979 moved successfully.
C:\Windows\System32\services.exe.614D4E9243E4F92E moved successfully.
C:\Windows\System32\services.exe.D3C8733D05F8DD51 moved successfully.
C:\Windows\System32\services.exe.D00D5357E4AF8B1E moved successfully.
C:\Windows\System32\services.exe.4BAA7E4BFE0AAC59 moved successfully.
C:\Windows\System32\services.exe.3F84FFDFFC6BCA91 moved successfully.
C:\Windows\System32\services.exe.611F6DF78FECF8DF moved successfully.
C:\Windows\System32\services.exe.4F8E5CB9A7BE3B96 moved successfully.
C:\Windows\System32\services.exe.85EA4C9C0FF97D4A moved successfully.
C:\Windows\System32\services.exe.3363AA46023FF692 moved successfully.
C:\Windows\System32\services.exe.DA9C0FF669B88EC4 moved successfully.
C:\Windows\System32\services.exe.1D5FA15A6BD25007 moved successfully.
C:\Windows\System32\services.exe.CCB91B31723180D6 moved successfully.
C:\Windows\System32\services.exe.C40C90D8BD647F6F moved successfully.
C:\Windows\System32\services.exe.1C420B175B33DAD4 moved successfully.
C:\Windows\System32\services.exe.ADD49242DC72885E moved successfully.
C:\Windows\System32\services.exe.AF6AA2BDD1925292 moved successfully.
C:\Windows\System32\services.exe.3840E6DC9293A846 moved successfully.
C:\Windows\System32\services.exe.F5913E98792C7A9D moved successfully.
C:\Windows\System32\services.exe.3C506211357A9A94 moved successfully.
C:\Windows\System32\services.exe.53A31E5E79F082D9 moved successfully.
C:\Windows\System32\services.exe.FAF388D99072CD8B moved successfully.
C:\Windows\System32\services.exe.A71DFCCD88E0C172 moved successfully.
C:\Windows\System32\services.exe.A5B1E9CC6DF25639 moved successfully.
C:\Windows\System32\services.exe.105C604F2EF4E085 moved successfully.
C:\Windows\System32\services.exe.51A47559531877FB moved successfully.
C:\Windows\System32\services.exe.E667505CDC044B4E moved successfully.
C:\Windows\System32\services.exe.20C6A432EE076E48 moved successfully.
C:\Windows\System32\services.exe.DE186F5347687056 moved successfully.
C:\Windows\System32\services.exe.3E1AF63FAE598301 moved successfully.
C:\Windows\System32\services.exe.10950AD09488E3C9 moved successfully.
C:\Windows\System32\services.exe.727CD3E397711FBD moved successfully.
C:\Windows\System32\services.exe.FD64AE2A600D9E96 moved successfully.
C:\Windows\System32\services.exe.61C30F20A5DC977B moved successfully.
C:\Windows\System32\services.exe.679BFC1BB9030927 moved successfully.
C:\Windows\System32\services.exe.0014A19341F446C3 moved successfully.
C:\Windows\System32\services.exe.A0AC70939866BFB9 moved successfully.
C:\Windows\System32\services.exe.4F70ACD587B17A2D moved successfully.
C:\Windows\System32\services.exe.A2EA7C9FC2E7156E moved successfully.
C:\Windows\System32\services.exe.4DEF15AD666AD9FF moved successfully.
C:\Windows\System32\services.exe.1918A9640383714C moved successfully.
C:\Windows\System32\services.exe.5402D42734D03253 moved successfully.
C:\Windows\System32\services.exe.B014E7746B69BB5C moved successfully.
C:\Windows\System32\services.exe.94929C660C1FD1D4 moved successfully.
C:\Windows\System32\services.exe.9EF7704FA9D20E1B moved successfully.
C:\Windows\System32\services.exe.F388D241C2191134 moved successfully.
C:\Windows\System32\services.exe.A04D9D20D033A5BB moved successfully.
C:\Windows\System32\services.exe.D9C3C0CD22146FAF moved successfully.
C:\Windows\System32\services.exe.03FFBFFA76C511AA moved successfully.
C:\Windows\System32\services.exe.108C453C32538CE9 moved successfully.
C:\Windows\System32\services.exe.8AB28B14A4258C2A moved successfully.
C:\Windows\System32\services.exe.AD82583D218B144C moved successfully.
C:\Windows\System32\services.exe.47FF61110861FD93 moved successfully.
C:\Windows\System32\services.exe.F2A4DCCD093442F2 moved successfully.
C:\Windows\System32\services.exe.1078064C81A54B58 moved successfully.
C:\Windows\System32\services.exe.79D07146B253AB00 moved successfully.
C:\Windows\System32\services.exe.5A77C38DF3F8DF5B moved successfully.
C:\Windows\System32\services.exe.450418ED28DDD245 moved successfully.
C:\Windows\System32\services.exe.6A013C9220DD8DFA moved successfully.
C:\Windows\System32\services.exe.06EBF1CC5E0B75D4 moved successfully.
C:\Windows\System32\services.exe.DF7F7AFB4DFA790C moved successfully.
C:\Windows\System32\services.exe.CE800A2ABA43F24C moved successfully.
C:\Windows\System32\services.exe.11DA6FD0CE63C16E moved successfully.
C:\Windows\System32\services.exe.26DD48C1A7C050B6 moved successfully.
C:\Windows\System32\services.exe.28C471C03152E1B3 moved successfully.
C:\Windows\System32\services.exe.E3816B138406EF55 moved successfully.
C:\Windows\System32\services.exe.2A66F14526025BAE moved successfully.
C:\Windows\System32\services.exe.F20BF6937A603056 moved successfully.
C:\Windows\System32\services.exe.E91FCF0C3369A279 moved successfully.
C:\Windows\System32\services.exe.806535E31760765E moved successfully.
C:\Windows\System32\services.exe.49F559AE5FDEDCB1 moved successfully.
C:\Windows\System32\services.exe.EE25DCA304633506 moved successfully.
C:\Windows\System32\services.exe.8C3635234BBE6D9F moved successfully.
C:\Windows\System32\services.exe.03B4A08F65E6BE9F moved successfully.
C:\Windows\System32\services.exe.27B1D73589D1C2DA moved successfully.
C:\Windows\System32\services.exe.2FA2801141B53E39 moved successfully.
C:\Windows\System32\services.exe.E464B8FC0107FC3E moved successfully.
C:\Windows\System32\services.exe.E2E27867A9E999F1 moved successfully.
C:\Windows\System32\services.exe.1541ADBDA750577A moved successfully.
C:\Windows\System32\services.exe.0328FC39D608ABF1 moved successfully.
C:\Windows\System32\services.exe.90F7EE4EB1D5E02F moved successfully.
C:\Windows\System32\services.exe.E4EAAA88BFB5308D moved successfully.
C:\Windows\System32\services.exe.14410C837950975D moved successfully.
C:\Windows\System32\services.exe.DF6CF736CA4EA728 moved successfully.
C:\Windows\System32\services.exe.91D5ACB29237EC45 moved successfully.
C:\Windows\System32\services.exe.B80E41D62A2707FA moved successfully.
C:\Windows\System32\services.exe.8D24A5380615DC3E moved successfully.
C:\Windows\System32\services.exe.CE376ECF4C875275 moved successfully.
C:\Windows\System32\services.exe.E483E6825B6D8295 moved successfully.
C:\Windows\System32\services.exe.5BC3413C7D34B109 moved successfully.
C:\Windows\System32\services.exe.56B3F557EC4182A8 moved successfully.
C:\Windows\System32\services.exe.71868BE536497452 moved successfully.
C:\Windows\System32\services.exe.1F90B2F01D11BB6B moved successfully.
C:\Windows\System32\services.exe.2D8F2C9B40D0859B moved successfully.
C:\Windows\System32\services.exe.5955C4F362257FE3 moved successfully.
C:\Windows\System32\services.exe.C3C8A475B854FDB1 moved successfully.
C:\Windows\System32\services.exe.D412545A67F4083C moved successfully.
C:\Windows\System32\services.exe.B050F9C9D882F6A4 moved successfully.
C:\Windows\System32\services.exe.950F767B185E03B4 moved successfully.
C:\Windows\System32\services.exe.FBD51F87895F6043 moved successfully.
C:\Windows\System32\services.exe.58B181379F5F7276 moved successfully.
C:\Windows\System32\services.exe.CF063EE80E2F420F moved successfully.
C:\Windows\System32\services.exe.65136D1FDCB47772 moved successfully.
C:\Windows\System32\services.exe.0F88A215B0FA4F00 moved successfully.
C:\Windows\System32\services.exe.6713F9D40F3D00E7 moved successfully.
C:\Windows\System32\services.exe.B9ABE2014D9CD438 moved successfully.
C:\Windows\System32\services.exe.E1AD39D9FC6F4EDA moved successfully.
C:\Windows\System32\services.exe.9E23300116868299 moved successfully.
C:\Windows\System32\services.exe.75969E90459225D8 moved successfully.
C:\Windows\System32\services.exe.02CBDDB49335DCA2 moved successfully.
C:\Windows\System32\services.exe.74BE45840965E688 moved successfully.
C:\Windows\System32\services.exe.BA961D6577E38D4D moved successfully.
C:\Windows\System32\services.exe.EC281F03A05862D4 moved successfully.
C:\Windows\System32\services.exe.79A32A2AC6FAFA63 moved successfully.
C:\Windows\System32\services.exe.50CB5C6F78322DAA moved successfully.
C:\Windows\System32\services.exe.A5127EF7252E7874 moved successfully.
C:\Windows\System32\services.exe.21A3C9D408CD73DF moved successfully.
C:\Windows\System32\services.exe.B7018D534506B337 moved successfully.
C:\Windows\System32\services.exe.C5BF3B8834CF1C5B moved successfully.
C:\Windows\System32\services.exe.37D6430C6EAC5BB1 moved successfully.
C:\Windows\System32\services.exe.CC3E6FD8FFFA8D55 moved successfully.
C:\Windows\System32\services.exe.93C3436349025B86 moved successfully.
C:\Windows\System32\services.exe.E58B55EAB94D4B2C moved successfully.
C:\Windows\System32\services.exe.150AE20EB6783123 moved successfully.
C:\Windows\System32\services.exe.CD180896CE71B1A8 moved successfully.
C:\Windows\System32\services.exe.B53EF6C9DBDB8AE5 moved successfully.
C:\Windows\System32\services.exe.3A19E180FA658C5E moved successfully.
C:\Windows\System32\services.exe.5DB2220710F868E1 moved successfully.
C:\Windows\System32\services.exe.B40C9070C1D5A1B8 moved successfully.
C:\Windows\System32\services.exe.A5F52720A18AE7DF moved successfully.
C:\Windows\System32\services.exe.442F30237FA9B2A6 moved successfully.
C:\Windows\System32\services.exe.4493D11F83FEC41B moved successfully.
C:\Windows\System32\services.exe.053E351A1D7ED66B moved successfully.
C:\Windows\System32\services.exe.FB147E03CD9A0CE5 moved successfully.
C:\Windows\System32\services.exe.0D06977DCFB03A80 moved successfully.
C:\Windows\System32\services.exe.9295F5C6D3BFF747 moved successfully.
C:\Windows\System32\services.exe.699976F3B025FF87 moved successfully.
C:\Windows\System32\services.exe.2BB1FF8864FCA4FB moved successfully.
C:\Windows\System32\services.exe.3A91062709B51957 moved successfully.
C:\Windows\System32\services.exe.7E574C91D2D1B280 moved successfully.
C:\Windows\System32\services.exe.AC68A6D4EA4DEA52 moved successfully.
C:\Windows\System32\services.exe.D294661BC47DB210 moved successfully.
C:\Windows\System32\services.exe.C40702460CA71393 moved successfully.
C:\Windows\System32\services.exe.BFCDBE48BBB7B76C moved successfully.
C:\Windows\System32\services.exe.F8FD09C0BB4A0FCC moved successfully.
C:\Windows\System32\services.exe.710532FA6C59B690 moved successfully.
C:\Windows\System32\services.exe.2523BAC499D736D8 moved successfully.
C:\Windows\System32\services.exe.20B4FDC7848D366C moved successfully.
C:\Windows\System32\services.exe.4E05B434EBC7028D moved successfully.
C:\Windows\System32\services.exe.5D575F5BF31BB199 moved successfully.
C:\Windows\System32\services.exe.9FC519C414B4F91E moved successfully.
C:\Windows\System32\services.exe.48E98BA10EB0E3F2 moved successfully.
C:\Windows\System32\services.exe.42506981F5494B6E moved successfully.
C:\Windows\System32\services.exe.AA855CD8F3B9469E moved successfully.
C:\Windows\System32\services.exe.DBD1925FE6EF3598 moved successfully.
C:\Windows\System32\services.exe.A50A6317CBE52344 moved successfully.
C:\Windows\System32\services.exe.AC86F47F95977A6B moved successfully.
C:\Windows\System32\services.exe.FFC25EAB1DBEB1D0 moved successfully.
C:\Windows\System32\services.exe.FCB301ED906D814B moved successfully.
C:\Windows\System32\services.exe.24A2379ADDBD9ACB moved successfully.
C:\Windows\System32\services.exe.9A5F496D65971FFF moved successfully.
C:\Windows\System32\services.exe.A6B514B7AD16A63B moved successfully.
C:\Windows\System32\services.exe.DF0EC05AB416631C moved successfully.
C:\Windows\System32\services.exe.082EBDEC28EF8027 moved successfully.
C:\Windows\System32\services.exe.7539C71E6A14CDC3 moved successfully.
C:\Windows\System32\services.exe.90B2E54951ADEE0B moved successfully.
C:\Windows\System32\services.exe.BA6442CB581DB35A moved successfully.
C:\Windows\Installer\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0} moved successfully.
C:\Users\MattK\AppData\Local\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

Broni · Aug 4, 2012

All looks good

Any current issues?

==============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Mattk11 · Aug 4, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.04.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MattK :: MATTK-PC [administrator]
Protection: Enabled
8/4/2012 10:28:53 PM
mbam-log-2012-08-04 (22-28-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214868
Time elapsed: 2 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Mattk11 · Aug 4, 2012

OTL logfile created on: 8/4/2012 10:35:53 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\MattK\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 37.11% Memory free
6.75 Gb Paging File | 4.57 Gb Available in Paging File | 67.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 74.55 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Computer Name: MATTK-PC | User Name: MattK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 22:32:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\MattK\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 00:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/02/25 07:01:48 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/06/22 14:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\MattK\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011/06/22 14:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\MattK\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/11/20 08:24:58 | 000,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nfsclnt.exe -- (NfsClnt)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/12/01 20:45:18 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2007/02/06 11:45:30 | 000,080,384 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/08/04 14:19:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:52:02 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/30 14:59:38 | 000,105,672 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 04:27:12 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpcxdr.sys -- (RpcXdr)
DRV:64bit: - [2010/11/20 04:26:56 | 000,246,272 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\nfsrdr.sys -- (NfsRdr)
DRV:64bit: - [2009/12/03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/20 08:40:34 | 000,011,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBttn64.sys -- (HBtnKey)
DRV:64bit: - [2008/12/01 22:15:04 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/04/24 17:25:48 | 000,402,432 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2007/09/15 02:51:06 | 000,310,832 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/04/25 13:34:12 | 000,037,760 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smscir64.sys -- (SMSCIRDA)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 66 0C B0 5A 58 CC 01 [binary data]
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS445
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MattK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MattK\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/15 10:37:45 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\MattK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/04 14:48:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3:64bit: - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NEP1-267/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D88B283-9202-49F3-ACB3-6A928CF16444}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 22:32:44 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\MattK\Desktop\OTL.exe
[2012/08/04 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\MattK\AppData\Roaming\Malwarebytes
[2012/08/04 22:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/04 22:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/04 22:27:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/04 22:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/04 22:25:27 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MattK\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/04 15:02:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 14:48:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/04 14:27:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 14:27:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 14:27:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 14:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 14:27:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 14:24:54 | 004,724,408 | R--- | C] (Swearware) -- C:\Users\MattK\Desktop\ComboFix.exe
[2012/08/03 12:39:19 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/01 18:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/01 18:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/01 18:24:20 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/13 13:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zappiti
[2012/07/13 13:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDLand
[2012/07/09 16:49:32 | 000,000,000 | ---D | C] -- C:\Users\MattK\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/08/04 22:32:45 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\MattK\Desktop\OTL.exe
[2012/08/04 22:27:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 22:25:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MattK\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/04 22:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 22:11:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000UA.job
[2012/08/04 22:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/04 18:11:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/04 16:00:04 | 000,015,008 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 16:00:04 | 000,015,008 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 15:57:32 | 000,861,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 15:57:32 | 000,720,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 15:57:32 | 000,141,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 15:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 15:52:13 | 2717,458,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 14:48:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/04 14:24:54 | 004,724,408 | R--- | M] (Swearware) -- C:\Users\MattK\Desktop\ComboFix.exe
[2012/08/04 14:07:40 | 000,002,453 | ---- | M] () -- C:\Users\MattK\Desktop\Google Chrome.lnk
[2012/08/01 18:28:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/01 18:28:34 | 000,875,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/01 12:11:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2338972807-2305178636-2376310400-1000Core.job
[2012/07/16 07:33:48 | 000,001,358 | ---- | M] () -- C:\Users\MattK\Desktop\Norton Installation Files.lnk
[2012/07/13 13:57:14 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Zappiti.exe.lnk

========== Files Created - No Company Name ==========

[2012/08/04 22:27:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 14:27:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 14:27:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 14:27:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 14:27:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 14:27:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/01 18:28:39 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/16 07:33:47 | 000,001,358 | ---- | C] () -- C:\Users\MattK\Desktop\Norton Installation Files.lnk
[2012/06/14 17:53:00 | 000,517,329 | ---- | C] () -- C:\Users\MattK\Winstons X-Ray for 1.2.4.zip
[2011/10/07 19:45:55 | 000,000,000 | ---- | C] () -- C:\Users\MattK\AppData\Local\{0DCD54C4-9B81-4C11-9574-FB2D0789C456}
[2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/08/11 17:14:36 | 000,875,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/11 14:07:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/06/15 08:21:49 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\.minecraft
[2012/01/04 15:12:22 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\calibre
[2012/03/30 10:24:18 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\HandBrake
[2012/01/12 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\Leadertech
[2012/01/16 14:49:29 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\Obsidium
[2012/06/10 19:10:10 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\PDAppFlex
[2011/08/15 07:18:38 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\TightVNC
[2012/04/19 11:20:49 | 000,000,000 | ---D | M] -- C:\Users\MattK\AppData\Roaming\webex
[2012/08/02 03:03:23 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Mattk11 · Aug 4, 2012

OTL Extras logfile created on: 8/4/2012 10:35:53 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\MattK\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 37.11% Memory free
6.75 Gb Paging File | 4.57 Gb Available in Paging File | 67.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 74.55 Gb Free Space | 50.05% Space Free | Partition Type: NTFS

Computer Name: MATTK-PC | User Name: MattK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43ED5430-0652-4216-8B5D-4F82E3AB416F}" = calibre
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FC941376-E950-4B45-8AE0-266994D7887D}" = Zappiti
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"HandBrake" = HandBrake 0.9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Scratch" = Scratch
"SQLite2009 Pro Enterprise Manager_is1" = SQLite2009 Pro Enterprise Manager [2011.05.20]
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"TightVNC" = TightVNC 2.0.4
"VLC media player" = VLC media player 2.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2338972807-2305178636-2376310400-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2012 10:02:13 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/24/2012 10:02:13 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14181

Error - 7/24/2012 10:02:13 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14181

Error - 7/24/2012 10:02:14 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/24/2012 10:02:14 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15288

Error - 7/24/2012 10:02:14 AM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15288

Error - 7/29/2012 3:22:17 PM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/29/2012 3:22:17 PM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 451222315

Error - 7/29/2012 3:22:17 PM | Computer Name = MattK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 451222315

Error - 8/2/2012 7:44:54 AM | Computer Name = MattK-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: The RPC server is unavailable. .

[ System Events ]
Error - 5/8/2012 11:34:49 PM | Computer Name = MattK-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/11/2012 6:25:56 PM | Computer Name = MattK-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:23:57 PM on ?5/?11/?2012 was unexpected.

Error - 5/11/2012 6:25:58 PM | Computer Name = MATTK-PC | Source = BugCheck | ID = 1001
Description =

Error - 5/17/2012 9:11:33 AM | Computer Name = MattK-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:10:25 AM on ?5/?17/?2012 was unexpected.

Error - 5/17/2012 10:12:11 AM | Computer Name = MattK-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:08:23 AM on ?5/?17/?2012 was unexpected.

Error - 5/18/2012 11:31:25 AM | Computer Name = MattK-PC | Source = bowser | ID = 8003
Description =

Error - 6/13/2012 4:34:23 AM | Computer Name = MattK-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Time service terminated with the following error: %%1115

Error - 6/13/2012 1:44:12 PM | Computer Name = MattK-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/14/2012 1:22:59 PM | Computer Name = MattK-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 6/14/2012 1:23:01 PM | Computer Name = MattK-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

< End of report >

Broni · Aug 5, 2012

OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Mattk11 · Aug 5, 2012

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 27
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Mattk11 · Aug 5, 2012

Farbar Service Scanner Version: 04-08-2012 01
Ran by MattK (administrator) on 05-08-2012 at 03:51:44
Running from "C:\Users\MattK\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Mattk11 · Aug 5, 2012

Mattk11 · Aug 5, 2012

C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
C:\FRST\Quarantine\{b1588b5a-2669-bf9e-6401-2b68aa64b5c0}\n Win64/Sirefef.W trojan
C:\Users\MattK\Downloads\Andrea_Doria_Vs_The_Cult_Bucci_Bag_Vs_She_Sells_Sanctuary_-_Andrea_Doria_Vs_The_Cult.concert.wma.exe Win32/InstallCore application

Broni · Aug 5, 2012

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

======================================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

Solved Windows has encountered a critical problem and will restart automatically in one minute. Please save

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 56,041 +516

Attachments

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 21 +0

Posts: 56,041 +516

Similar threads