doug123
-
Posts
12 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by doug123
-
aliB, it has been running good so far, thanks for all the help!
-
I ran a full Norton scan and I didn't get anything!
-
This computer is running fine, but it really hasn't been running that poorly this whole time. Really, the only issue has been that this virus keeps showing up on scans.
-
That last post didn't come out the way I expected, and I don't know how to edit it, I'll try again: Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.18.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 RMM :: RMM-PC [administrator] Protection: Enabled 8/18/2012 2:06:03 PM mbam-log-2012-08-18 (14-06-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 200563 Time elapsed: 3 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions\milesskgrs@milesskgrs.org.xpi JS/Redirector.NCA trojan deleted - quarantined C:\Users\RMM\Documents\Rick Backup\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined
-
<p> <style id="_clearly_component__css" type="text/css"> #next_pages_container { width: 5px; hight: 5px; position: absolute; top: -100px; left: -100px; z-index: 2147483647 !important; }</style> aliB, thanks for the continued help, here are those two files:</p> <p> </p> <p> </p> <p> </p> <p> </p> <div>Malwarebytes Anti-Malware (Trial) 1.62.0.1300</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2012.08.18.05</div> <div> </div> <div>Windows 7 Service Pack 1 x64 NTFS</div> <div>Internet Explorer 9.0.8112.16421</div> <div>RMM :: RMM-PC [administrator]</div> <div> </div> <div>Protection: Enabled</div> <div> </div> <div>8/18/2012 2:06:03 PM</div> <div>mbam-log-2012-08-18 (14-06-03).txt</div> <div> </div> <div>Scan type: Quick scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 200563</div> <div>Time elapsed: 3 minute(s), 28 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div> <div> </div> <div> </div> <p> </p> <p> </p> <div>C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir<span class="Apple-tab-span" style="white-space:pre"> </span>Win64/Patched.B.Gen trojan<span class="Apple-tab-span" style="white-space:pre"> </span>deleted - quarantined</div> <div>C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions\milesskgrs@milesskgrs.org.xpi<span class="Apple-tab-span" style="white-space:pre"> </span>JS/Redirector.NCA trojan<span class="Apple-tab-span" style="white-space:pre"> </span>deleted - quarantined</div> <div>C:\Users\RMM\Documents\Rick Backup\Program Files\Common Files\Real\Toolbar\RealBar.dll<span class="Apple-tab-span" style="white-space:pre"> </span>probably a variant of Win32/Adware.Toolbar.Visicom.AB application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div> <div> </div> <div id="_clearly_component__next_pages_container"> </div>
-
Ok, thanks, here it is: Farbar Service Scanner Version: 06-08-2012 Ran by RMM (administrator) on 17-08-2012 at 16:57:53 Running from "C:\Users\RMM\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
-
Regarding the Bits.reg, I am not clear on what you mean by "Right click...and merge" I am not getting a "merge" option. Is that after I run it? In the meantime, here is the OTL file: OTL logfile created on: 8/17/2012 4:00:14 PM - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\RMM\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.97 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.64% Memory free 15.93 Gb Paging File | 13.75 Gb Available in Paging File | 86.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.07 Gb Total Space | 305.22 Gb Free Space | 67.66% Space Free | Partition Type: NTFS Drive E: | 488.00 Mb Total Space | 47.70 Mb Free Space | 9.78% Space Free | Partition Type: FAT Computer Name: RMM-PC | User Name: RMM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 14:30:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RMM\Downloads\OTL.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe PRC - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2011/11/07 22:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2011/06/17 11:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe PRC - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2009/08/28 19:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2009/07/16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/06/24 16:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe PRC - [2009/06/24 16:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe PRC - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/05/21 08:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012/06/14 08:15:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll MOD - [2012/06/14 08:14:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 08:14:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/30 16:01:01 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll MOD - [2012/05/11 08:21:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/11 07:57:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 07:57:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 07:57:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 07:56:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/10/30 21:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe MOD - [2009/09/17 13:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2009/09/17 13:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2009/09/17 13:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2009/09/17 13:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2009/09/17 13:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2009/09/17 13:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2009/09/17 13:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll MOD - [2009/09/17 13:04:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll MOD - [2009/09/11 12:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009/06/24 16:32:34 | 000,089,352 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll MOD - [2009/06/24 16:31:46 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll MOD - [2009/06/24 16:31:00 | 000,234,760 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/02/09 02:16:50 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/06/25 04:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2012/08/15 11:18:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS) SRV - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/09 02:16:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/01/26 03:59:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012/04/17 20:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2012/04/17 20:13:31 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012/04/17 19:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/03/23 08:39:19 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) DRV:64bit: - [2011/08/16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009/09/14 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009/08/06 05:59:00 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/02 08:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/07/02 08:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/07/02 08:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/07/02 08:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/06/28 22:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/06/25 22:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/06/25 05:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/25 03:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009/06/25 02:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009/06/25 02:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 15:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP) DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012/08/17 11:27:49 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\ex64.sys -- (NAVEX15) DRV - [2012/08/17 11:27:49 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\eng64.sys -- (NAVENG) DRV - [2012/08/10 18:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/08/08 22:38:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/08 22:38:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/14 12:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSviA64.sys -- (IDSVia64) DRV - [2011/12/15 11:03:14 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302) DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) DRV - [2009/08/28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/14 12:15:26] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A04359D-1C2B-4838-A8B1-F7BE79EC8519} IE:64bit: - HKLM\..\SearchScopes\{5A04359D-1C2B-4838-A8B1-F7BE79EC8519}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183} IE - HKLM\..\SearchScopes\{F072852A-0BCC-4330-81AD-A20F66D59183}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183} IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/02 20:35:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/08/17 16:00:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/02 11:21:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 16:16:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M] [2010/02/09 00:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Extensions [2012/06/11 16:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions [2011/01/11 16:40:27 | 000,002,470 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\searchplugins\safesearch.xml [2011/07/19 08:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/02/16 23:45:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/04/24 15:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/04/26 23:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/07/19 08:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/04/02 20:35:24 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPLGN [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2012/08/17 12:42:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-714534092-591680571-4139338378-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51E7255-9887-472B-909E-E592F9A510ED}: DhcpNameServer = 4.2.2.2 4.2.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA405FC1-675D-4B5B-BC6A-6119799C3D87}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 15:58:27 | 000,000,000 | R--D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012/08/17 15:27:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012/08/17 12:50:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/08/17 12:43:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/17 12:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 12:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 12:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 12:02:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 12:01:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 11:17:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{06F0FBCB-106E-47E8-86C9-4DD30AF02154} [2012/08/17 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4BD931AD-B67F-4CA7-9E4F-5D5B95E0AECA} [2012/08/17 00:25:54 | 000,000,000 | ---D | C] -- C:\FRST [2012/08/16 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55} [2012/08/16 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} [2012/08/16 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Malwarebytes [2012/08/16 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/16 14:12:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/15 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\HPAppData [2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit [2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\DriverCure [2012/08/15 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit [2012/08/15 15:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit [2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit [2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit [2012/08/15 15:02:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012/08/15 15:02:32 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2012/08/15 08:45:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61} [2012/08/15 08:45:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6} [2012/08/14 21:28:34 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys [2012/08/14 21:01:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/08/14 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} [2012/08/14 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF} [2012/08/14 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\NPE [2012/08/14 10:06:04 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2012/08/13 23:04:40 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} [2012/08/13 07:45:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518} [2012/08/13 07:45:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7} [2012/08/12 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} [2012/08/12 10:17:32 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} [2012/08/11 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5} [2012/08/11 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE} [2012/08/11 16:52:00 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012/08/11 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902} [2012/08/11 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} [2012/08/10 22:13:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} [2012/08/10 08:22:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} [2012/08/10 08:22:46 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} [2012/08/09 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} [2012/08/09 08:18:18 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F} [2012/08/09 08:18:04 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} [2012/08/08 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} [2012/08/08 11:26:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} [2012/08/07 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56} [2012/08/07 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} [2012/08/07 11:25:42 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} [2012/08/06 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} [2012/08/06 11:24:48 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} [2012/08/06 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{91D3D61E-800A-495E-B315-62E7D04D5377} [2012/08/05 23:24:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} [2012/08/05 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0D996E-6247-4B0F-B818-3999076A925D} [2012/08/05 08:40:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} [2012/08/05 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{8474DDF2-EAD0-459C-B40F-B8277E36432B} [2012/08/04 11:47:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{463D5658-B30B-42B3-8E5D-2030832BC0E8} [2012/08/04 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} [2012/08/03 23:47:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} [2012/08/03 23:47:00 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} [2012/08/03 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} [2012/08/03 11:16:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} [2012/08/02 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} [2012/08/02 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0940972B-E206-43CC-AC82-2E09491CA6FA} [2012/08/02 07:46:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} [2012/08/01 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} [2012/08/01 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{60117C8A-9AD0-4919-B211-476FC6083680} [2012/07/31 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} [2012/07/31 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} [2012/07/31 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B09D69B9-F64B-4E78-8659-C1535B5327E0} [2012/07/30 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{13967209-734A-46EE-8378-F75FC02BFEFB} [2012/07/30 09:31:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} [2012/07/30 09:31:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} [2012/07/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} [2012/07/29 09:30:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} [2012/07/29 09:30:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0624BC34-907A-4F4B-9306-AE9A37580D04} [2012/07/28 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} [2012/07/28 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} [2012/07/28 09:29:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{EBE28A12-BD75-447B-B9ED-220B04132C69} [2012/07/28 09:29:03 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} [2012/07/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} [2012/07/27 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4751DAAB-8D45-4430-A540-0FF564C9799E} [2012/07/26 23:50:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} [2012/07/26 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} [2012/07/26 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} [2012/07/25 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} [2012/07/25 10:05:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} [2012/07/25 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} [2012/07/24 22:04:57 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2A306726-00D0-455E-9D20-0F7384B484BB} [2012/07/24 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AE4DEE3D-2C59-4223-B77C-E57733C55994} [2012/07/24 10:04:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D05B55E7-7005-47F3-9105-570DAD623928} [2012/07/23 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80711FD-DE96-4198-A832-25BBA3E7E453} [2012/07/23 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{90DDC845-624E-46D5-BDAD-177F007D6CB0} [2012/07/23 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{85C1CAEF-D585-4298-AFEA-069813DCACC3} [2012/07/22 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} [2012/07/22 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AD726F8B-2977-400D-AFA0-7F836174ADE3} [2012/07/21 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D0650365-2E00-44B3-AD69-30377163F88E} [2012/07/21 11:28:06 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9E895D5D-E94D-4142-A96E-81BEC88D8855} [2012/07/21 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E91597F3-A23C-4C69-BE16-D90E8E18F004} [2012/07/20 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} [2012/07/20 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} [2012/07/20 10:41:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{30D51098-FAEF-41A3-895A-0921E9930B45} [2012/07/19 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2567E23A-9109-460A-91A1-C21D453DB40E} [2012/07/19 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} [2012/07/19 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} [2012/07/18 21:48:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} [2010/02/09 00:40:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\RMM\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2012/08/17 16:06:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 16:06:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 16:04:45 | 000,803,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/17 16:04:45 | 000,678,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/17 16:04:45 | 000,127,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/17 15:57:36 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2012/08/17 15:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 15:56:47 | 2119,839,743 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 15:18:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/17 12:42:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job [2012/08/16 23:07:23 | 000,000,061 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan [2012/08/16 22:05:18 | 000,001,207 | ---- | M] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk [2012/08/16 18:11:39 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job [2012/08/16 14:12:25 | 000,001,135 | ---- | M] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job [2012/08/15 16:04:44 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012/08/15 15:44:39 | 000,001,234 | ---- | M] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk [2012/08/15 15:06:32 | 000,000,512 | ---- | M] () -- C:\Users\RMM\Desktop\MBR.dat [2012/08/14 21:28:33 | 001,967,971 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB [2012/08/14 20:49:11 | 000,023,769 | ---- | M] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta [2012/08/14 20:48:28 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2012/08/14 20:14:03 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/08/09 23:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini ========== Files Created - No Company Name ========== [2012/08/17 12:25:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 12:25:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 12:25:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 12:25:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 12:25:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/16 23:07:23 | 000,000,061 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan [2012/08/16 22:04:03 | 000,001,207 | ---- | C] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk [2012/08/16 14:12:25 | 000,001,135 | ---- | C] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/08/15 15:45:09 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job [2012/08/15 15:44:38 | 000,001,234 | ---- | C] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk [2012/08/15 15:44:34 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job [2012/08/15 15:44:29 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job [2012/08/15 15:06:32 | 000,000,512 | ---- | C] () -- C:\Users\RMM\Desktop\MBR.dat [2012/08/14 20:49:11 | 000,023,769 | ---- | C] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta [2012/08/14 20:48:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/01/04 16:06:54 | 000,001,940 | ---- | C] () -- C:\Users\RMM\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/02/28 20:36:50 | 000,004,608 | ---- | C] () -- C:\Users\RMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/16 23:50:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/09 00:24:06 | 000,002,164 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\install.dat ========== LOP Check ========== [2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer [2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer [2010/02/25 09:24:18 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Absolute [2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\DriverCure [2012/08/17 15:59:21 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Dropbox [2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit [2010/09/27 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Trusteer [2010/02/09 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\WildTangent [2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Registration3.job [2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Update3.job [2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit.job [2012/06/20 06:52:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
-
Wasn't letting me put them all in one post: Farbar Service Scanner Version: 06-08-2012 Ran by RMM (administrator) on 17-08-2012 at 14:53:23 Running from "C:\Users\RMM\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
-
OTL Extras logfile created on: 8/17/2012 2:31:46 PM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\RMM\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.97 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.16% Memory free 15.93 Gb Paging File | 13.77 Gb Available in Paging File | 86.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.07 Gb Total Space | 305.01 Gb Free Space | 67.62% Space Free | Partition Type: NTFS Computer Name: RMM-PC | User Name: RMM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{0D5DD408-718C-4EDB-91ED-1D5396B80EEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4C2A9544-D35B-42BE-A8C0-9B21A35B8601}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{13AC9B67-96DE-4DF6-9FB8-974DD24A7AD6}" = HP Photosmart Plus B210 series Basic Device Software "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit) "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{664AE3A4-2B08-401F-9D54-471C1844838B}" = HP Photosmart Plus B210 series Product Improvement Study "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64 "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Dell Touchpad [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{106DADAD-B062-4de5-8D1F-3FD2AD195E49}" = PC Utility Kit "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 26 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi "{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New "{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish "{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing "{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish "{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager "{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player "ComcastHSI" = Comcast High-Speed Internet Install Wizard "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Dell Webcam Central" = Dell Webcam Central "GoToAssist" = GoToAssist 8.0.0.514 "HP Photo Creations" = HP Photo Creations "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "NIS" = Norton Internet Security "PROR" = Microsoft Office Professional 2007 "Rapport_msi" = Rapport "WildTangent dell Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "GoToMeeting" = GoToMeeting 4.8.0.721 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/16/2012 8:36:18 PM | Computer Name = RMM-PC | Source = Application Error | ID = 1000 Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x388 Faulting application start time: 0x01cd7c1041203a1b Faulting application path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 8ef5a5ee-e803-11e1-8bb2-0026b921933e Error - 8/16/2012 11:09:23 PM | Computer Name = RMM-PC | Source = Application Error | ID = 1000 Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x380 Faulting application start time: 0x01cd7c25a9728282 Faulting application path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: f190fa0d-e818-11e1-8ba3-0026b921933e Error - 8/16/2012 11:46:55 PM | Computer Name = RMM-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 8/16/2012 11:46:55 PM | Computer Name = RMM-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 8/17/2012 12:33:41 AM | Computer Name = RMM-PC | Source = Application Error | ID = 1000 Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x380 Faulting application start time: 0x01cd7c316e00aeda Faulting application path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: b8412414-e824-11e1-933c-0026b921933e Error - 8/17/2012 12:36:49 AM | Computer Name = RMM-PC | Source = Application Error | ID = 1000 Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x38c Faulting application start time: 0x01cd7c31deae4320 Faulting application path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 281392b0-e825-11e1-8ba5-0026b921933e Error - 8/17/2012 2:34:30 AM | Computer Name = RMM-PC | Source = Application Error | ID = 1000 Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x37c Faulting application start time: 0x01cd7c4247fbe581 Faulting application path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 98b5c464-e835-11e1-8e9f-0026b921933e Error - 8/17/2012 2:53:51 AM | Computer Name = RMM-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 8/17/2012 2:53:51 AM | Computer Name = RMM-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15584 Error - 8/17/2012 2:53:51 AM | Computer Name = RMM-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15584 [ OSession Events ] Error - 4/6/2011 12:00:52 AM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/8/2011 6:10:52 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/17/2011 3:36:23 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 796 seconds with 60 seconds of active time. This session ended with a crash. Error - 4/17/2011 3:36:50 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/25/2011 8:28:57 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/25/2011 8:36:20 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash. Error - 6/24/2011 5:35:54 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 9/14/2011 12:54:33 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1141 seconds with 180 seconds of active time. This session ended with a crash. Error - 5/3/2012 11:22:43 AM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4908 seconds with 1260 seconds of active time. This session ended with a crash. Error - 5/3/2012 11:28:17 AM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 327 seconds with 240 seconds of active time. This session ended with a crash. [ System Events ] Error - 8/17/2012 2:24:11 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7034 Description = The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s). Error - 8/17/2012 2:24:11 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7034 Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s). Error - 8/17/2012 2:33:50 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/17/2012 2:39:05 PM | Computer Name = RMM-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 8/17/2012 2:40:04 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 8/17/2012 2:42:10 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 8/17/2012 2:43:01 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10016 Description = Error - 8/17/2012 3:06:16 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10010 Description = Error - 8/17/2012 3:06:27 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10016 Description = Error - 8/17/2012 4:28:11 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10016 Description = < End of report >
-
aliB, Thanks for the quick reply, here they are: OTL logfile created on: 8/17/2012 2:31:46 PM - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\RMM\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.97 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.16% Memory free 15.93 Gb Paging File | 13.77 Gb Available in Paging File | 86.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.07 Gb Total Space | 305.01 Gb Free Space | 67.62% Space Free | Partition Type: NTFS Computer Name: RMM-PC | User Name: RMM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/17 14:30:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RMM\Downloads\OTL.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe PRC - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2011/11/07 22:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2011/06/17 11:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe PRC - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2009/08/28 19:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2009/07/16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009/06/24 16:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe PRC - [2009/06/24 16:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe PRC - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009/05/21 08:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012/06/14 08:15:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll MOD - [2012/06/14 08:14:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 08:14:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/30 16:01:01 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll MOD - [2012/05/11 08:21:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/11 07:57:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 07:57:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 07:57:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 07:56:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/10/30 21:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/01/15 21:09:38 | 001,014,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe MOD - [2009/09/17 13:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2009/09/17 13:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2009/09/17 13:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2009/09/17 13:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2009/09/17 13:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2009/09/17 13:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2009/09/17 13:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll MOD - [2009/09/17 13:04:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll MOD - [2009/09/11 12:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009/06/24 16:32:34 | 000,089,352 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll MOD - [2009/06/24 16:31:46 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll MOD - [2009/06/24 16:31:00 | 000,234,760 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/02/09 02:16:50 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV:64bit: - [2009/06/25 04:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2012/08/15 11:18:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS) SRV - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/09 02:16:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/01/26 03:59:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012/04/17 20:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2012/04/17 20:13:31 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012/04/17 19:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/03/23 08:39:19 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) DRV:64bit: - [2011/08/16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009/09/14 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009/08/06 05:59:00 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/02 08:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/07/02 08:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/07/02 08:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/07/02 08:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/06/28 22:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009/06/25 22:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/06/25 05:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/25 03:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009/06/25 02:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009/06/25 02:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 15:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP) DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012/08/17 11:27:49 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\ex64.sys -- (NAVEX15) DRV - [2012/08/17 11:27:49 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\eng64.sys -- (NAVENG) DRV - [2012/08/10 18:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2012/08/08 22:38:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/08 22:38:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/06/14 12:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSviA64.sys -- (IDSVia64) DRV - [2011/12/15 11:03:14 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302) DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) DRV - [2009/08/28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/14 12:15:26] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A04359D-1C2B-4838-A8B1-F7BE79EC8519} IE:64bit: - HKLM\..\SearchScopes\{5A04359D-1C2B-4838-A8B1-F7BE79EC8519}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183} IE - HKLM\..\SearchScopes\{F072852A-0BCC-4330-81AD-A20F66D59183}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183} IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/02 20:35:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/08/17 14:30:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/02 11:21:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 16:16:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M] [2010/02/09 00:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Extensions [2012/06/11 16:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions [2011/01/11 16:40:27 | 000,002,470 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\searchplugins\safesearch.xml [2011/07/19 08:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/02/16 23:45:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/04/24 15:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/04/26 23:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/07/19 08:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/04/02 20:35:24 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPLGN [2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: ([2012/08/17 12:42:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-714534092-591680571-4139338378-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51E7255-9887-472B-909E-E592F9A510ED}: DhcpNameServer = 4.2.2.2 4.2.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA405FC1-675D-4B5B-BC6A-6119799C3D87}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/08/17 14:28:15 | 000,000,000 | R--D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012/08/17 12:50:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/08/17 12:43:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/08/17 12:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/17 12:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/17 12:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/17 12:02:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/08/17 12:01:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/08/17 11:17:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{06F0FBCB-106E-47E8-86C9-4DD30AF02154} [2012/08/17 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4BD931AD-B67F-4CA7-9E4F-5D5B95E0AECA} [2012/08/17 00:25:54 | 000,000,000 | ---D | C] -- C:\FRST [2012/08/16 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55} [2012/08/16 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} [2012/08/16 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Malwarebytes [2012/08/16 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/16 14:12:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/08/15 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\HPAppData [2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit [2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\DriverCure [2012/08/15 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit [2012/08/15 15:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit [2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit [2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit [2012/08/15 15:02:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012/08/15 15:02:32 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2012/08/15 08:45:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61} [2012/08/15 08:45:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6} [2012/08/14 21:28:34 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys [2012/08/14 21:01:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/08/14 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} [2012/08/14 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF} [2012/08/14 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\NPE [2012/08/14 10:06:04 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2012/08/13 23:04:40 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} [2012/08/13 07:45:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518} [2012/08/13 07:45:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7} [2012/08/12 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} [2012/08/12 10:17:32 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} [2012/08/11 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5} [2012/08/11 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE} [2012/08/11 16:52:00 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012/08/11 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902} [2012/08/11 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} [2012/08/10 22:13:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} [2012/08/10 08:22:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} [2012/08/10 08:22:46 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} [2012/08/09 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} [2012/08/09 08:18:18 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F} [2012/08/09 08:18:04 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} [2012/08/08 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} [2012/08/08 11:26:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} [2012/08/07 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56} [2012/08/07 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} [2012/08/07 11:25:42 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} [2012/08/06 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} [2012/08/06 11:24:48 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} [2012/08/06 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{91D3D61E-800A-495E-B315-62E7D04D5377} [2012/08/05 23:24:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} [2012/08/05 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0D996E-6247-4B0F-B818-3999076A925D} [2012/08/05 08:40:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} [2012/08/05 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{8474DDF2-EAD0-459C-B40F-B8277E36432B} [2012/08/04 11:47:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{463D5658-B30B-42B3-8E5D-2030832BC0E8} [2012/08/04 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} [2012/08/03 23:47:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} [2012/08/03 23:47:00 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} [2012/08/03 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} [2012/08/03 11:16:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} [2012/08/02 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} [2012/08/02 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0940972B-E206-43CC-AC82-2E09491CA6FA} [2012/08/02 07:46:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} [2012/08/01 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} [2012/08/01 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{60117C8A-9AD0-4919-B211-476FC6083680} [2012/07/31 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} [2012/07/31 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} [2012/07/31 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B09D69B9-F64B-4E78-8659-C1535B5327E0} [2012/07/30 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{13967209-734A-46EE-8378-F75FC02BFEFB} [2012/07/30 09:31:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} [2012/07/30 09:31:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} [2012/07/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} [2012/07/29 09:30:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} [2012/07/29 09:30:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0624BC34-907A-4F4B-9306-AE9A37580D04} [2012/07/28 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} [2012/07/28 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} [2012/07/28 09:29:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{EBE28A12-BD75-447B-B9ED-220B04132C69} [2012/07/28 09:29:03 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} [2012/07/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} [2012/07/27 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4751DAAB-8D45-4430-A540-0FF564C9799E} [2012/07/26 23:50:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} [2012/07/26 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} [2012/07/26 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} [2012/07/25 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} [2012/07/25 10:05:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} [2012/07/25 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} [2012/07/24 22:04:57 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2A306726-00D0-455E-9D20-0F7384B484BB} [2012/07/24 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AE4DEE3D-2C59-4223-B77C-E57733C55994} [2012/07/24 10:04:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D05B55E7-7005-47F3-9105-570DAD623928} [2012/07/23 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80711FD-DE96-4198-A832-25BBA3E7E453} [2012/07/23 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{90DDC845-624E-46D5-BDAD-177F007D6CB0} [2012/07/23 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{85C1CAEF-D585-4298-AFEA-069813DCACC3} [2012/07/22 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} [2012/07/22 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AD726F8B-2977-400D-AFA0-7F836174ADE3} [2012/07/21 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D0650365-2E00-44B3-AD69-30377163F88E} [2012/07/21 11:28:06 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9E895D5D-E94D-4142-A96E-81BEC88D8855} [2012/07/21 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E91597F3-A23C-4C69-BE16-D90E8E18F004} [2012/07/20 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} [2012/07/20 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} [2012/07/20 10:41:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{30D51098-FAEF-41A3-895A-0921E9930B45} [2012/07/19 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2567E23A-9109-460A-91A1-C21D453DB40E} [2012/07/19 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} [2012/07/19 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} [2012/07/18 21:48:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} [2010/02/09 00:40:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\RMM\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2012/08/17 14:34:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 14:34:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/17 14:33:54 | 000,803,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/17 14:33:54 | 000,678,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/17 14:33:54 | 000,127,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/17 14:27:12 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll [2012/08/17 14:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/17 14:26:40 | 2119,839,743 | -HS- | M] () -- C:\hiberfil.sys [2012/08/17 12:42:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/17 12:18:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job [2012/08/16 23:07:23 | 000,000,061 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan [2012/08/16 23:07:07 | 000,003,720 | ---- | M] () -- C:\{08A08690-5029-4DD2-93BD-219B6FE370E8} [2012/08/16 22:05:18 | 000,001,207 | ---- | M] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk [2012/08/16 21:12:49 | 000,003,792 | ---- | M] () -- C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4} [2012/08/16 18:16:16 | 000,003,720 | ---- | M] () -- C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76} [2012/08/16 18:11:39 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys [2012/08/16 17:28:35 | 000,003,760 | ---- | M] () -- C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2} [2012/08/16 16:24:03 | 000,003,760 | ---- | M] () -- C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39} [2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job [2012/08/16 16:00:54 | 000,003,792 | ---- | M] () -- C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970} [2012/08/16 15:54:09 | 000,003,760 | ---- | M] () -- C:\{AFC8B51A-8808-44EE-A490-57D79F83B654} [2012/08/16 15:43:04 | 000,003,760 | ---- | M] () -- C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD} [2012/08/16 15:28:05 | 000,003,792 | ---- | M] () -- C:\{924A804A-642C-468C-95A8-057C39B3A191} [2012/08/16 15:26:44 | 000,003,760 | ---- | M] () -- C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC} [2012/08/16 15:24:43 | 000,003,760 | ---- | M] () -- C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624} [2012/08/16 15:23:40 | 000,003,752 | ---- | M] () -- C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4} [2012/08/16 15:21:42 | 000,003,760 | ---- | M] () -- C:\{A5974494-044E-432C-A6D1-41279C05C090} [2012/08/16 15:19:39 | 000,003,792 | ---- | M] () -- C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6} [2012/08/16 15:17:39 | 000,003,760 | ---- | M] () -- C:\{08B1F027-9D8B-40FA-B55D-509484305936} [2012/08/16 14:12:25 | 000,001,135 | ---- | M] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job [2012/08/15 16:04:44 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012/08/15 15:44:39 | 000,001,234 | ---- | M] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk [2012/08/15 15:34:37 | 000,003,760 | ---- | M] () -- C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39} [2012/08/15 15:06:32 | 000,000,512 | ---- | M] () -- C:\Users\RMM\Desktop\MBR.dat [2012/08/15 14:47:35 | 000,003,760 | ---- | M] () -- C:\{1C072F82-80CD-485B-83D5-52CBA779E41A} [2012/08/15 14:45:55 | 000,003,792 | ---- | M] () -- C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25} [2012/08/15 14:38:52 | 000,003,792 | ---- | M] () -- C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A} [2012/08/15 14:37:49 | 000,003,760 | ---- | M] () -- C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1} [2012/08/15 14:31:17 | 000,003,792 | ---- | M] () -- C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F} [2012/08/15 14:30:10 | 000,003,760 | ---- | M] () -- C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F} [2012/08/15 13:22:13 | 000,003,792 | ---- | M] () -- C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7} [2012/08/15 12:42:58 | 000,003,720 | ---- | M] () -- C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5} [2012/08/15 11:38:01 | 000,003,760 | ---- | M] () -- C:\{0CF61C86-FE61-4A64-9937-66E5919030E5} [2012/08/14 21:48:26 | 000,003,792 | ---- | M] () -- C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F} [2012/08/14 21:28:33 | 001,967,971 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB [2012/08/14 21:23:18 | 000,003,720 | ---- | M] () -- C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7} [2012/08/14 20:49:11 | 000,023,769 | ---- | M] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta [2012/08/14 20:48:28 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2012/08/14 20:24:06 | 000,003,760 | ---- | M] () -- C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78} [2012/08/14 20:18:36 | 000,003,760 | ---- | M] () -- C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5} [2012/08/14 20:14:03 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/08/14 12:35:39 | 000,003,760 | ---- | M] () -- C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B} [2012/08/14 12:18:34 | 000,003,792 | ---- | M] () -- C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044} [2012/08/14 11:14:01 | 000,003,760 | ---- | M] () -- C:\{321D1C4C-872E-4658-A7D8-43653EC0844F} [2012/08/09 23:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini ========== Files Created - No Company Name ========== [2012/08/17 12:25:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/08/17 12:25:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/08/17 12:25:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/08/17 12:25:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/08/17 12:25:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/16 23:07:23 | 000,000,061 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan [2012/08/16 23:07:07 | 000,003,720 | ---- | C] () -- C:\{08A08690-5029-4DD2-93BD-219B6FE370E8} [2012/08/16 22:04:03 | 000,001,207 | ---- | C] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk [2012/08/16 21:12:49 | 000,003,792 | ---- | C] () -- C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4} [2012/08/16 18:16:13 | 000,003,720 | ---- | C] () -- C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76} [2012/08/16 17:28:35 | 000,003,760 | ---- | C] () -- C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2} [2012/08/16 16:24:03 | 000,003,760 | ---- | C] () -- C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39} [2012/08/16 16:00:54 | 000,003,792 | ---- | C] () -- C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970} [2012/08/16 15:54:09 | 000,003,760 | ---- | C] () -- C:\{AFC8B51A-8808-44EE-A490-57D79F83B654} [2012/08/16 15:43:03 | 000,003,760 | ---- | C] () -- C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD} [2012/08/16 15:28:05 | 000,003,792 | ---- | C] () -- C:\{924A804A-642C-468C-95A8-057C39B3A191} [2012/08/16 15:26:43 | 000,003,760 | ---- | C] () -- C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC} [2012/08/16 15:24:42 | 000,003,760 | ---- | C] () -- C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624} [2012/08/16 15:23:39 | 000,003,752 | ---- | C] () -- C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4} [2012/08/16 15:21:41 | 000,003,760 | ---- | C] () -- C:\{A5974494-044E-432C-A6D1-41279C05C090} [2012/08/16 15:19:38 | 000,003,792 | ---- | C] () -- C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6} [2012/08/16 15:17:38 | 000,003,760 | ---- | C] () -- C:\{08B1F027-9D8B-40FA-B55D-509484305936} [2012/08/16 14:12:25 | 000,001,135 | ---- | C] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/08/15 15:45:09 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job [2012/08/15 15:44:38 | 000,001,234 | ---- | C] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk [2012/08/15 15:44:34 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job [2012/08/15 15:44:29 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job [2012/08/15 15:34:37 | 000,003,760 | ---- | C] () -- C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39} [2012/08/15 15:06:32 | 000,000,512 | ---- | C] () -- C:\Users\RMM\Desktop\MBR.dat [2012/08/15 14:47:35 | 000,003,760 | ---- | C] () -- C:\{1C072F82-80CD-485B-83D5-52CBA779E41A} [2012/08/15 14:45:54 | 000,003,792 | ---- | C] () -- C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25} [2012/08/15 14:38:51 | 000,003,792 | ---- | C] () -- C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A} [2012/08/15 14:37:45 | 000,003,760 | ---- | C] () -- C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1} [2012/08/15 14:31:16 | 000,003,792 | ---- | C] () -- C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F} [2012/08/15 14:30:09 | 000,003,760 | ---- | C] () -- C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F} [2012/08/15 13:22:12 | 000,003,792 | ---- | C] () -- C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7} [2012/08/15 12:42:58 | 000,003,720 | ---- | C] () -- C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5} [2012/08/15 11:38:01 | 000,003,760 | ---- | C] () -- C:\{0CF61C86-FE61-4A64-9937-66E5919030E5} [2012/08/14 21:48:26 | 000,003,792 | ---- | C] () -- C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F} [2012/08/14 21:23:18 | 000,003,720 | ---- | C] () -- C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7} [2012/08/14 20:49:11 | 000,023,769 | ---- | C] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta [2012/08/14 20:48:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/08/14 20:24:06 | 000,003,760 | ---- | C] () -- C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78} [2012/08/14 20:18:36 | 000,003,760 | ---- | C] () -- C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5} [2012/08/14 12:35:39 | 000,003,760 | ---- | C] () -- C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B} [2012/08/14 12:18:33 | 000,003,792 | ---- | C] () -- C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044} [2012/08/14 11:13:57 | 000,003,760 | ---- | C] () -- C:\{321D1C4C-872E-4658-A7D8-43653EC0844F} [2011/01/04 16:06:54 | 000,001,940 | ---- | C] () -- C:\Users\RMM\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/02/28 20:36:50 | 000,004,608 | ---- | C] () -- C:\Users\RMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/02/16 23:50:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/02/09 00:24:06 | 000,002,164 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\install.dat ========== LOP Check ========== [2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer [2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer [2010/02/25 09:24:18 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Absolute [2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\DriverCure [2012/08/17 14:28:42 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Dropbox [2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit [2010/09/27 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Trusteer [2010/02/09 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\WildTangent [2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Registration3.job [2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Update3.job [2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit.job [2012/06/20 06:52:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2010/01/26 05:32:53 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010/01/26 05:32:53 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010/01/26 05:32:56 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/01/26 05:32:56 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Users\RMM\Documents\Rick Backup\WINDOWS\explorer.exe [2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/01/26 05:32:56 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010/01/26 05:32:53 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010/01/26 05:32:56 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010/01/26 05:32:53 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: QMGR.DLL > [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll [2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll < MD5 for: SERVICES > [2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services < MD5 for: SERVICES.CNF > [2003/12/01 00:42:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\RMM\Documents\My Webs\_vti_pvt\services.cnf [2003/12/01 00:42:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\RMM\Documents\Rick Backup\Administrator\My Documents\My Webs\_vti_pvt\services.cnf [2003/12/01 00:42:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\RMM\Documents\Rick Backup\Documents and Settings\Administrator\My Documents\My Webs\_vti_pvt\services.cnf < MD5 for: SERVICES.EXE > [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SERVICES.EXE.MUI > [2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui [2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui < MD5 for: SERVICES.EXE.VIR > [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir < MD5 for: SERVICES.LNK > [2004/01/07 14:13:02 | 000,001,506 | ---- | M] () MD5=57BC38A14D6EF50130B6E672A5741B9A -- C:\Users\RMM\Documents\Rick Backup\All Users\Start Menu\Programs\Administrative Tools\Services.lnk [2004/01/07 14:13:02 | 000,001,506 | ---- | M] () MD5=57BC38A14D6EF50130B6E672A5741B9A -- C:\Users\RMM\Documents\Rick Backup\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk [2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk < MD5 for: SERVICES.MOF > [2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof < MD5 for: SERVICES.MSC > [2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc [2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc [2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc [2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc < MD5 for: SERVICES.PNG > [2009/04/22 13:08:52 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\Images\icons\png\24_24\services.png < MD5 for: SERVICES.PTXML > [2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml < MD5 for: SVCHOST.EXE > [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s > "ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters] "ServiceDll" = %systemroot%\system32\qmgr.dll < End of report >
-
Thanks for the help aliB. I ran combofix and got this: ComboFix 12-08-17.03 - RMM 08/17/2012 12:28:38.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6045 [GMT -6:00] Running from: c:\users\RMM\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\RMM\Documents\DPE.DUS c:\users\RMM\g2mdlhlpx.exe . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 ))))))))))))))))))))))))))))))) . . 2012-08-17 18:39 . 2012-08-17 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-17 06:25 . 2012-08-17 06:26 -------- d-----w- C:\FRST 2012-08-16 20:12 . 2012-08-16 20:12 -------- d-----w- c:\users\RMM\AppData\Roaming\Malwarebytes 2012-08-16 20:12 . 2012-08-16 20:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-16 20:12 . 2012-08-16 20:12 -------- d-----w- c:\programdata\Malwarebytes 2012-08-16 20:12 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-15 21:55 . 2012-08-15 21:55 -------- d-----w- c:\users\RMM\AppData\Roaming\HPAppData 2012-08-15 21:45 . 2012-08-15 21:45 -------- d-----w- c:\users\RMM\AppData\Roaming\PC Utility Kit 2012-08-15 21:45 . 2012-08-15 21:45 -------- d-----w- c:\users\RMM\AppData\Roaming\DriverCure 2012-08-15 21:44 . 2012-08-15 21:44 -------- d-----w- c:\program files (x86)\Common Files\PC Utility Kit 2012-08-15 21:44 . 2012-08-15 21:44 -------- d-----w- c:\programdata\PC Utility Kit 2012-08-15 21:44 . 2012-08-15 21:44 -------- d-----w- c:\program files (x86)\PC Utility Kit 2012-08-15 21:02 . 2012-08-15 21:02 -------- d-----w- c:\windows\Downloaded Installations 2012-08-15 21:02 . 2012-08-15 21:02 -------- d-sh--w- c:\windows\ftpcache 2012-08-15 03:28 . 2012-04-18 02:13 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys 2012-08-15 03:01 . 2012-08-15 03:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-15 01:23 . 2012-08-15 22:05 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E 2012-08-14 16:12 . 2012-08-16 22:17 -------- d-----w- c:\users\RMM\AppData\Local\NPE 2012-08-14 16:06 . 2012-08-17 00:11 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2012-08-11 22:52 . 2012-08-11 22:52 -------- d--h--w- c:\windows\AxInstSV . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-17 18:42 . 2010-02-28 04:06 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll 2012-08-15 17:18 . 2012-05-08 14:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 17:18 . 2011-06-02 01:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 04:51 . 2010-02-09 06:31 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-12 03:08 . 2012-07-12 04:55 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 13:18 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-08 15:59 . 2010-04-13 22:07 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe 2012-06-08 15:59 . 2010-02-28 04:06 58288 ------w- c:\windows\SysWow64\rpcnet.exe 2012-06-06 06:06 . 2012-07-11 13:18 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 13:18 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 13:18 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 13:18 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 13:18 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 13:18 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-24 15:12 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-24 15:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-24 15:12 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-24 15:12 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-24 15:12 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-24 15:12 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-24 15:12 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 21:19 . 2012-06-24 15:11 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 21:15 . 2012-06-24 15:11 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-12 04:50 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-12 04:50 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-12 04:50 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-12 04:50 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-12 04:50 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-12 04:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-12 04:50 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-12 04:50 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-12 04:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-12 04:50 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-12 04:50 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-12 04:50 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-12 04:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-12 04:50 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-12 04:50 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-12 04:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-12 04:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-12 04:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-12 04:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-11 13:18 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 13:18 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 13:18 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 13:18 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 13:18 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 13:18 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 13:18 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 13:18 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 13:18 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-04-06 26102056] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-29 75048] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104] . c:\users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] Dropbox.lnk - c:\users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2009-06-24 22:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-09 1038088] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [2009-08-06 987648] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1255736] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-08 63760] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-08-16 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSvia64.sys [2012-06-14 509088] S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/14 12:15];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-29 01:36 146928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:18] . 2012-08-16 c:\windows\Tasks\PC Utility Kit Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-08-17 c:\windows\Tasks\PC Utility Kit Update3.job - c:\program files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30] . 2012-08-16 c:\windows\Tasks\PC Utility Kit.job - c:\program files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-FAStartup - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-ComcastHSI - c:\program files (x86)\support.com\uninstall\chsi_uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\windows\SysWOW64\rpcnet.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2012-08-17 12:50:14 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-17 18:50 . Pre-Run: 323,449,208,832 bytes free Post-Run: 327,395,770,368 bytes free . - - End Of File - - 43B1A225540FE729F2329B5363201466
-
I am working on a friend's system (Windows 7 Home Premium 64) that has Norton Antivirus on it, and the other day he downloaded an "Adobe Update" that turned out to not be an Adobe Update. I ran Malwarebytes and it identified three issues: c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\00000008. c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\000000cb. c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\80000032. I finally managed to delete those from a Command Prompt window. Now, Malwarebytes is showing that the system is clean, but Norton is showing that trojan.zeroaccess!inf4 is still alive in the services.exe I ran Farbar and then ran a services.exe on Farbar as well and am attaching both of those reports. I don't normally use Windows machines and am consequently even more behind the curve than normal. Any help is greatly appreciated, thanks. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.17.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 RMM :: RMM-PC [administrator] Protection: Enabled 8/17/2012 12:12:35 AM mbam-log-2012-08-17 (00-12-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206281 Time elapsed: 5 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool Version: 15-08-2012 Ran by SYSTEM at 17-08-2012 02:00:39 Running from E:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.) HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] () HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-06-24] (Sensible Vision ) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] () HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-07-16] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink) HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\RMM\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKU\RMM\...\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26102056 2010-04-06] (Skype Technologies S.A.) HKU\RMM\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKLM\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] () HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks) HKLM-x32\...\RunOnce: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] () Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Lsa: [Notification Packages] scecli FAPassSync Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\RMM\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\RMM\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ====== 2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.) 3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation) 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation) 2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [931640 2011-11-07] (Trusteer Ltd.) 2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [271760 2009-04-16] () 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.) ========================== Drivers (Whitelisted) ============= 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation) 1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.021\ENG64.SYS [120440 2012-08-17] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.021\EX64.SYS [2068600 2012-08-17] (Symantec Corporation) 3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-06] (Ralink Technology Corp.) 1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] () 1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.) 0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.) 1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.) 1 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation) 1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2012-04-17] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation) 2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-17 01:25 - 2012-08-17 01:26 - 00000000 ____D C:\FRST 2012-08-17 00:07 - 2012-08-17 00:07 - 00003720 ____A C:\{08A08690-5029-4DD2-93BD-219B6FE370E8} 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\Application Data\mbam.context.scan 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\AppData\Roaming\mbam.context.scan 2012-08-16 23:04 - 2012-08-16 23:05 - 00001207 ____A C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk 2012-08-16 22:12 - 2012-08-16 22:12 - 00003792 ____A C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4} 2012-08-16 19:16 - 2012-08-16 19:16 - 00003720 ____A C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76} 2012-08-16 18:28 - 2012-08-16 18:28 - 00003760 ____A C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2} 2012-08-16 17:24 - 2012-08-16 17:24 - 00003760 ____A C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{657D4874-07E7-41D2-A920-60E2C8BD0E55} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\{657D4874-07E7-41D2-A920-60E2C8BD0E55} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55} 2012-08-16 17:00 - 2012-08-16 17:00 - 00003792 ____A C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970} 2012-08-16 16:54 - 2012-08-16 16:54 - 00003760 ____A C:\{AFC8B51A-8808-44EE-A490-57D79F83B654} 2012-08-16 16:43 - 2012-08-16 16:43 - 00003760 ____A C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD} 2012-08-16 16:28 - 2012-08-16 16:28 - 00003792 ____A C:\{924A804A-642C-468C-95A8-057C39B3A191} 2012-08-16 16:26 - 2012-08-16 16:26 - 00003760 ____A C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC} 2012-08-16 16:24 - 2012-08-16 16:24 - 00003760 ____A C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624} 2012-08-16 16:23 - 2012-08-16 16:23 - 00003752 ____A C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4} 2012-08-16 16:21 - 2012-08-16 16:21 - 00003760 ____A C:\{A5974494-044E-432C-A6D1-41279C05C090} 2012-08-16 16:19 - 2012-08-16 16:19 - 00003792 ____A C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6} 2012-08-16 16:17 - 2012-08-16 16:17 - 00003760 ____A C:\{08B1F027-9D8B-40FA-B55D-509484305936} 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\RMM\Application Data\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\RMM\AppData\Roaming\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-16 15:12 - 2012-07-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-16 15:10 - 2012-08-16 15:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RMM\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-15 16:45 - 2012-08-15 19:00 - 00000476 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\Application Data\PC Utility Kit 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\Application Data\DriverCure 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\AppData\Roaming\PC Utility Kit 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\AppData\Roaming\DriverCure 2012-08-15 16:44 - 2012-08-16 17:20 - 00000442 ____A C:\Windows\Tasks\PC Utility Kit Update3.job 2012-08-15 16:44 - 2012-08-16 17:20 - 00000440 ____A C:\Windows\Tasks\PC Utility Kit.job 2012-08-15 16:44 - 2012-08-15 16:44 - 00001234 ____A C:\Users\RMM\Desktop\PC Utility Kit.lnk 2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Users\All Users\PC Utility Kit 2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Users\All Users\Application Data\PC Utility Kit 2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Program Files (x86)\PC Utility Kit 2012-08-15 16:36 - 2012-08-15 16:37 - 04765704 ____A (Red Dog Media, Inc.) C:\Users\RMM\Downloads\PC Utility Kit Installer.exe 2012-08-15 16:34 - 2012-08-15 16:34 - 00003760 ____A C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39} 2012-08-15 16:06 - 2012-08-15 16:06 - 00002114 ____A C:\Users\RMM\Desktop\aswMBR.txt 2012-08-15 16:06 - 2012-08-15 16:06 - 00000512 ____A C:\Users\RMM\Desktop\MBR.dat 2012-08-15 16:02 - 2012-08-15 16:02 - 00000000 __SHD C:\Windows\ftpcache 2012-08-15 16:02 - 2012-08-15 16:02 - 00000000 ____D C:\Windows\Downloaded Installations 2012-08-15 15:47 - 2012-08-15 15:47 - 00003760 ____A C:\{1C072F82-80CD-485B-83D5-52CBA779E41A} 2012-08-15 15:45 - 2012-08-15 15:45 - 00003792 ____A C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25} 2012-08-15 15:38 - 2012-08-15 15:38 - 00003792 ____A C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A} 2012-08-15 15:37 - 2012-08-15 15:37 - 00003760 ____A C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1} 2012-08-15 15:31 - 2012-08-15 15:31 - 00003792 ____A C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F} 2012-08-15 15:30 - 2012-08-15 15:30 - 00003760 ____A C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F} 2012-08-15 15:16 - 2012-08-15 15:16 - 00000856 ____A C:\Users\RMM\Downloads\Downloads - Shortcut.lnk 2012-08-15 14:24 - 2012-08-15 14:26 - 04731392 ____A (AVAST Software) C:\Users\RMM\Downloads\aswMBR.exe 2012-08-15 14:22 - 2012-08-15 14:22 - 00003792 ____A C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7} 2012-08-15 13:42 - 2012-08-15 13:42 - 00003720 ____A C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5} 2012-08-15 12:38 - 2012-08-15 12:38 - 00003760 ____A C:\{0CF61C86-FE61-4A64-9937-66E5919030E5} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A637E329-1310-49F7-8F38-4569D17FDB61} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{9697EFFD-403C-4745-A91D-41600FE071B6} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\{A637E329-1310-49F7-8F38-4569D17FDB61} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\{9697EFFD-403C-4745-A91D-41600FE071B6} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6} 2012-08-14 22:48 - 2012-08-14 22:48 - 00003792 ____A C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F} 2012-08-14 22:28 - 2012-04-17 21:13 - 00043640 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys 2012-08-14 22:23 - 2012-08-14 22:23 - 00003720 ____A C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7} 2012-08-14 22:01 - 2012-08-14 22:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-14 21:49 - 2012-08-14 21:49 - 00023769 ____A C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Ament.ini 2012-08-14 21:41 - 2012-08-14 21:42 - 54097776 ____A C:\Users\RMM\Downloads\PSB210_231.exe 2012-08-14 21:24 - 2012-08-14 21:24 - 00003760 ____A C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78} 2012-08-14 21:18 - 2012-08-14 21:18 - 00003760 ____A C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5} 2012-08-14 14:31 - 2012-08-14 14:31 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(4).exe 2012-08-14 13:54 - 2012-08-14 13:54 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(3).exe 2012-08-14 13:53 - 2012-08-14 13:53 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(2).exe 2012-08-14 13:35 - 2012-08-14 13:35 - 00003760 ____A C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B} 2012-08-14 13:25 - 2012-08-14 13:25 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr.exe 2012-08-14 13:18 - 2012-08-14 13:18 - 00003792 ____A C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044} 2012-08-14 12:13 - 2012-08-14 12:14 - 00003760 ____A C:\{321D1C4C-872E-4658-A7D8-43653EC0844F} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A659029B-D9FD-42A8-BE71-C9081FA369DF} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\{A659029B-D9FD-42A8-BE71-C9081FA369DF} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF} 2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\Local Settings\NPE 2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\NPE 2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\AppData\Local\NPE 2012-08-14 11:12 - 2012-08-14 11:12 - 02841104 ____A (Symantec Corporation) C:\Users\RMM\Downloads\NPE.exe 2012-08-14 11:06 - 2012-08-16 19:11 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-08-14 11:05 - 2012-08-14 11:05 - 01805736 ____A (Symantec Corporation) C:\Users\RMM\Downloads\FixZeroAccess.exe 2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} 2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} 2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} 2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B9F73F73-B830-472A-B73C-16EFB047B9C7} 2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\{B9F73F73-B830-472A-B73C-16EFB047B9C7} 2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7} 2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{89A2C94F-4866-4CC8-934D-0F92B4B76518} 2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\Local Settings\{89A2C94F-4866-4CC8-934D-0F92B4B76518} 2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F0328180-0ECD-4A21-A37C-FF946F2765EE} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{09554217-218F-4D25-90E4-4F81B6C0DDD5} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\{F0328180-0ECD-4A21-A37C-FF946F2765EE} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\{09554217-218F-4D25-90E4-4F81B6C0DDD5} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5} 2012-08-11 17:52 - 2012-08-11 17:52 - 00000000 ___HD C:\Windows\AxInstSV 2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{837D1F1C-3597-41B3-A30C-07A708DAF902} 2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\{837D1F1C-3597-41B3-A30C-07A708DAF902} 2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902} 2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} 2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} 2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} 2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} 2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} 2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} 2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} 2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} 2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} 2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} 2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\Local Settings\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} 2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} 2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} 2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} 2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} 2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} 2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} 2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} 2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{991CF80A-6D78-4746-9592-18C07DE0D60F} 2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\Local Settings\{991CF80A-6D78-4746-9592-18C07DE0D60F} 2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F} 2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} 2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} 2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} 2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} 2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} 2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} 2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D67EA215-9F25-4610-9A89-FA536602AF56} 2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\{D67EA215-9F25-4610-9A89-FA536602AF56} 2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56} 2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} 2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} 2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} 2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} 2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\Local Settings\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} 2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} 2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} 2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} 2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\AppData\Local\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} 2012-08-06 12:24 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{91D3D61E-800A-495E-B315-62E7D04D5377} 2012-08-06 12:24 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\{91D3D61E-800A-495E-B315-62E7D04D5377} 2012-08-06 12:24 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\AppData\Local\{91D3D61E-800A-495E-B315-62E7D04D5377} 2012-08-06 12:24 - 2012-08-06 12:24 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} 2012-08-06 12:24 - 2012-08-06 12:24 - 00000000 ____D C:\Users\RMM\Local Settings\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} 2012-08-06 12:24 - 2012-08-06 12:24 - 00000000 ____D C:\Users\RMM\AppData\Local\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} 2012-08-06 00:24 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} 2012-08-06 00:24 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} 2012-08-06 00:24 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\AppData\Local\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} 2012-08-06 00:23 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3F0D996E-6247-4B0F-B818-3999076A925D} 2012-08-06 00:23 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\{3F0D996E-6247-4B0F-B818-3999076A925D} 2012-08-06 00:23 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\AppData\Local\{3F0D996E-6247-4B0F-B818-3999076A925D} 2012-08-05 09:40 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} 2012-08-05 09:40 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} 2012-08-05 09:40 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\AppData\Local\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} 2012-08-05 09:39 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{8474DDF2-EAD0-459C-B40F-B8277E36432B} 2012-08-05 09:39 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\{8474DDF2-EAD0-459C-B40F-B8277E36432B} 2012-08-05 09:39 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\AppData\Local\{8474DDF2-EAD0-459C-B40F-B8277E36432B} 2012-08-04 12:47 - 2012-08-04 12:48 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{463D5658-B30B-42B3-8E5D-2030832BC0E8} 2012-08-04 12:47 - 2012-08-04 12:48 - 00000000 ____D C:\Users\RMM\Local Settings\{463D5658-B30B-42B3-8E5D-2030832BC0E8} 2012-08-04 12:47 - 2012-08-04 12:48 - 00000000 ____D C:\Users\RMM\AppData\Local\{463D5658-B30B-42B3-8E5D-2030832BC0E8} 2012-08-04 12:47 - 2012-08-04 12:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} 2012-08-04 12:47 - 2012-08-04 12:47 - 00000000 ____D C:\Users\RMM\Local Settings\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} 2012-08-04 12:47 - 2012-08-04 12:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\AppData\Local\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\AppData\Local\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} 2012-08-03 00:15 - 2012-08-03 00:16 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} 2012-08-03 00:15 - 2012-08-03 00:16 - 00000000 ____D C:\Users\RMM\Local Settings\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} 2012-08-03 00:15 - 2012-08-03 00:16 - 00000000 ____D C:\Users\RMM\AppData\Local\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} 2012-08-02 08:46 - 2012-08-03 00:15 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} 2012-08-02 08:46 - 2012-08-03 00:15 - 00000000 ____D C:\Users\RMM\Local Settings\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} 2012-08-02 08:46 - 2012-08-03 00:15 - 00000000 ____D C:\Users\RMM\AppData\Local\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} 2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{0940972B-E206-43CC-AC82-2E09491CA6FA} 2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\RMM\Local Settings\{0940972B-E206-43CC-AC82-2E09491CA6FA} 2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\RMM\AppData\Local\{0940972B-E206-43CC-AC82-2E09491CA6FA} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{60117C8A-9AD0-4919-B211-476FC6083680} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\{60117C8A-9AD0-4919-B211-476FC6083680} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\AppData\Local\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\AppData\Local\{60117C8A-9AD0-4919-B211-476FC6083680} 2012-08-01 00:01 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} 2012-08-01 00:01 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} 2012-08-01 00:01 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\AppData\Local\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} 2012-07-31 10:32 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B09D69B9-F64B-4E78-8659-C1535B5327E0} 2012-07-31 10:32 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\{B09D69B9-F64B-4E78-8659-C1535B5327E0} 2012-07-31 10:32 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\AppData\Local\{B09D69B9-F64B-4E78-8659-C1535B5327E0} 2012-07-31 10:32 - 2012-07-31 10:32 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} 2012-07-31 10:32 - 2012-07-31 10:32 - 00000000 ____D C:\Users\RMM\Local Settings\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} 2012-07-31 10:32 - 2012-07-31 10:32 - 00000000 ____D C:\Users\RMM\AppData\Local\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} 2012-07-30 22:31 - 2012-07-30 22:32 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{13967209-734A-46EE-8378-F75FC02BFEFB} 2012-07-30 22:31 - 2012-07-30 22:32 - 00000000 ____D C:\Users\RMM\Local Settings\{13967209-734A-46EE-8378-F75FC02BFEFB} 2012-07-30 22:31 - 2012-07-30 22:32 - 00000000 ____D C:\Users\RMM\AppData\Local\{13967209-734A-46EE-8378-F75FC02BFEFB} 2012-07-30 10:31 - 2012-07-30 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} 2012-07-30 10:31 - 2012-07-30 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} 2012-07-30 10:31 - 2012-07-30 22:31 - 00000000 ____D C:\Users\RMM\AppData\Local\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} 2012-07-30 10:31 - 2012-07-30 10:31 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} 2012-07-30 10:31 - 2012-07-30 10:31 - 00000000 ____D C:\Users\RMM\Local Settings\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} 2012-07-30 10:31 - 2012-07-30 10:31 - 00000000 ____D C:\Users\RMM\AppData\Local\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} 2012-07-29 22:30 - 2012-07-29 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} 2012-07-29 22:30 - 2012-07-29 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} 2012-07-29 22:30 - 2012-07-29 22:31 - 00000000 ____D C:\Users\RMM\AppData\Local\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} 2012-07-29 10:30 - 2012-07-29 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{0624BC34-907A-4F4B-9306-AE9A37580D04} 2012-07-29 10:30 - 2012-07-29 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\{0624BC34-907A-4F4B-9306-AE9A37580D04} 2012-07-29 10:30 - 2012-07-29 22:30 - 00000000 ____D C:\Users\RMM\AppData\Local\{0624BC34-907A-4F4B-9306-AE9A37580D04} 2012-07-29 10:30 - 2012-07-29 10:30 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} 2012-07-29 10:30 - 2012-07-29 10:30 - 00000000 ____D C:\Users\RMM\Local Settings\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} 2012-07-29 10:30 - 2012-07-29 10:30 - 00000000 ____D C:\Users\RMM\AppData\Local\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} 2012-07-28 22:29 - 2012-07-28 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} 2012-07-28 22:29 - 2012-07-28 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} 2012-07-28 22:29 - 2012-07-28 22:30 - 00000000 ____D C:\Users\RMM\AppData\Local\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} 2012-07-28 22:29 - 2012-07-28 22:29 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} 2012-07-28 22:29 - 2012-07-28 22:29 - 00000000 ____D C:\Users\RMM\Local Settings\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} 2012-07-28 22:29 - 2012-07-28 22:29 - 00000000 ____D C:\Users\RMM\AppData\Local\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{EBE28A12-BD75-447B-B9ED-220B04132C69} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\{EBE28A12-BD75-447B-B9ED-220B04132C69} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\AppData\Local\{EBE28A12-BD75-447B-B9ED-220B04132C69} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\AppData\Local\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} 2012-07-27 12:51 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} 2012-07-27 12:51 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} 2012-07-27 12:51 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\AppData\Local\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} 2012-07-27 12:50 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4751DAAB-8D45-4430-A540-0FF564C9799E} 2012-07-27 12:50 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\{4751DAAB-8D45-4430-A540-0FF564C9799E} 2012-07-27 12:50 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\AppData\Local\{4751DAAB-8D45-4430-A540-0FF564C9799E} 2012-07-27 00:50 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} 2012-07-27 00:50 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} 2012-07-27 00:50 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\AppData\Local\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} 2012-07-26 11:06 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} 2012-07-26 11:06 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} 2012-07-26 11:06 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\AppData\Local\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} 2012-07-26 11:06 - 2012-07-26 11:06 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} 2012-07-26 11:06 - 2012-07-26 11:06 - 00000000 ____D C:\Users\RMM\Local Settings\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} 2012-07-26 11:06 - 2012-07-26 11:06 - 00000000 ____D C:\Users\RMM\AppData\Local\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} 2012-07-25 23:05 - 2012-07-25 23:06 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} 2012-07-25 23:05 - 2012-07-25 23:06 - 00000000 ____D C:\Users\RMM\Local Settings\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} 2012-07-25 23:05 - 2012-07-25 23:06 - 00000000 ____D C:\Users\RMM\AppData\Local\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} 2012-07-25 11:05 - 2012-07-25 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} 2012-07-25 11:05 - 2012-07-25 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} 2012-07-25 11:05 - 2012-07-25 23:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} 2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} 2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\RMM\Local Settings\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} 2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} 2012-07-24 23:04 - 2012-07-24 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2A306726-00D0-455E-9D20-0F7384B484BB} 2012-07-24 23:04 - 2012-07-24 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\{2A306726-00D0-455E-9D20-0F7384B484BB} 2012-07-24 23:04 - 2012-07-24 23:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{2A306726-00D0-455E-9D20-0F7384B484BB} 2012-07-24 11:04 - 2012-07-24 23:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D05B55E7-7005-47F3-9105-570DAD623928} 2012-07-24 11:04 - 2012-07-24 23:04 - 00000000 ____D C:\Users\RMM\Local Settings\{D05B55E7-7005-47F3-9105-570DAD623928} 2012-07-24 11:04 - 2012-07-24 23:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{D05B55E7-7005-47F3-9105-570DAD623928} 2012-07-24 11:04 - 2012-07-24 11:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AE4DEE3D-2C59-4223-B77C-E57733C55994} 2012-07-24 11:04 - 2012-07-24 11:04 - 00000000 ____D C:\Users\RMM\Local Settings\{AE4DEE3D-2C59-4223-B77C-E57733C55994} 2012-07-24 11:04 - 2012-07-24 11:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{AE4DEE3D-2C59-4223-B77C-E57733C55994} 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{C80711FD-DE96-4198-A832-25BBA3E7E453} 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\{C80711FD-DE96-4198-A832-25BBA3E7E453} 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\AppData\Local\{C80711FD-DE96-4198-A832-25BBA3E7E453} 2012-07-23 11:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{85C1CAEF-D585-4298-AFEA-069813DCACC3} 2012-07-23 11:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\{85C1CAEF-D585-4298-AFEA-069813DCACC3} 2012-07-23 11:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\AppData\Local\{85C1CAEF-D585-4298-AFEA-069813DCACC3} 2012-07-23 11:03 - 2012-07-23 11:03 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{90DDC845-624E-46D5-BDAD-177F007D6CB0} 2012-07-23 11:03 - 2012-07-23 11:03 - 00000000 ____D C:\Users\RMM\Local Settings\{90DDC845-624E-46D5-BDAD-177F007D6CB0} 2012-07-23 11:03 - 2012-07-23 11:03 - 00000000 ____D C:\Users\RMM\AppData\Local\{90DDC845-624E-46D5-BDAD-177F007D6CB0} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AD726F8B-2977-400D-AFA0-7F836174ADE3} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\{AD726F8B-2977-400D-AFA0-7F836174ADE3} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\AppData\Local\{AD726F8B-2977-400D-AFA0-7F836174ADE3} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\AppData\Local\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} 2012-07-22 00:41 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D0650365-2E00-44B3-AD69-30377163F88E} 2012-07-22 00:41 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\{D0650365-2E00-44B3-AD69-30377163F88E} 2012-07-22 00:41 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{D0650365-2E00-44B3-AD69-30377163F88E} 2012-07-21 12:28 - 2012-07-21 12:28 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{9E895D5D-E94D-4142-A96E-81BEC88D8855} 2012-07-21 12:28 - 2012-07-21 12:28 - 00000000 ____D C:\Users\RMM\Local Settings\{9E895D5D-E94D-4142-A96E-81BEC88D8855} 2012-07-21 12:28 - 2012-07-21 12:28 - 00000000 ____D C:\Users\RMM\AppData\Local\{9E895D5D-E94D-4142-A96E-81BEC88D8855} 2012-07-21 12:27 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E91597F3-A23C-4C69-BE16-D90E8E18F004} 2012-07-21 12:27 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\{E91597F3-A23C-4C69-BE16-D90E8E18F004} 2012-07-21 12:27 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{E91597F3-A23C-4C69-BE16-D90E8E18F004} 2012-07-21 00:27 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} 2012-07-21 00:27 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} 2012-07-21 00:27 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} 2012-07-20 11:42 - 2012-07-20 11:42 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} 2012-07-20 11:42 - 2012-07-20 11:42 - 00000000 ____D C:\Users\RMM\Local Settings\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} 2012-07-20 11:42 - 2012-07-20 11:42 - 00000000 ____D C:\Users\RMM\AppData\Local\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} 2012-07-20 11:41 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{30D51098-FAEF-41A3-895A-0921E9930B45} 2012-07-20 11:41 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\{30D51098-FAEF-41A3-895A-0921E9930B45} 2012-07-20 11:41 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{30D51098-FAEF-41A3-895A-0921E9930B45} 2012-07-19 23:41 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2567E23A-9109-460A-91A1-C21D453DB40E} 2012-07-19 23:41 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\{2567E23A-9109-460A-91A1-C21D453DB40E} 2012-07-19 23:41 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{2567E23A-9109-460A-91A1-C21D453DB40E} 2012-07-19 15:52 - 2012-07-19 15:52 - 20275048 ____A (Microsoft Corporation) C:\Users\RMM\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE 2012-07-19 11:40 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} 2012-07-19 11:40 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} 2012-07-19 11:40 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} 2012-07-19 11:40 - 2012-07-19 11:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} 2012-07-19 11:40 - 2012-07-19 11:41 - 00000000 ____D C:\Users\RMM\Local Settings\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} 2012-07-19 11:40 - 2012-07-19 11:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} 2012-07-18 22:48 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} 2012-07-18 22:48 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} 2012-07-18 22:48 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\AppData\Local\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} 2012-07-18 10:47 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{777675C5-D0CC-4E85-83B8-ECC74E85B907} 2012-07-18 10:47 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\{777675C5-D0CC-4E85-83B8-ECC74E85B907} 2012-07-18 10:47 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\AppData\Local\{777675C5-D0CC-4E85-83B8-ECC74E85B907} 2012-07-18 10:47 - 2012-07-18 10:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B0B58347-A620-4A51-82DA-70C8A9122907} 2012-07-18 10:47 - 2012-07-18 10:47 - 00000000 ____D C:\Users\RMM\Local Settings\{B0B58347-A620-4A51-82DA-70C8A9122907} 2012-07-18 10:47 - 2012-07-18 10:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{B0B58347-A620-4A51-82DA-70C8A9122907} ============ 3 Months Modified Files ======================== 2012-08-17 01:56 - 2009-07-13 23:51 - 00253218 ____A C:\Windows\setupact.log 2012-08-17 01:53 - 2010-01-26 05:29 - 00000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log 2012-08-17 01:52 - 2010-02-27 23:06 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2012-08-17 01:52 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-17 01:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-17 01:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-17 01:38 - 2009-07-14 00:13 - 00803420 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-17 01:18 - 2012-05-08 09:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-17 00:07 - 2012-08-17 00:07 - 00003720 ____A C:\{08A08690-5029-4DD2-93BD-219B6FE370E8} 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\Application Data\mbam.context.scan 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\AppData\Roaming\mbam.context.scan 2012-08-17 00:02 - 2010-01-26 06:44 - 00499516 ____A C:\Windows\PFRO.log 2012-08-16 23:05 - 2012-08-16 23:04 - 00001207 ____A C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk 2012-08-16 22:12 - 2012-08-16 22:12 - 00003792 ____A C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4} 2012-08-16 19:16 - 2012-08-16 19:16 - 00003720 ____A C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76} 2012-08-16 19:11 - 2012-08-14 11:06 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-08-16 18:28 - 2012-08-16 18:28 - 00003760 ____A C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2} 2012-08-16 17:24 - 2012-08-16 17:24 - 00003760 ____A C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39} 2012-08-16 17:20 - 2012-08-15 16:44 - 00000442 ____A C:\Windows\Tasks\PC Utility Kit Update3.job 2012-08-16 17:20 - 2012-08-15 16:44 - 00000440 ____A C:\Windows\Tasks\PC Utility Kit.job 2012-08-16 17:00 - 2012-08-16 17:00 - 00003792 ____A C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970} 2012-08-16 16:54 - 2012-08-16 16:54 - 00003760 ____A C:\{AFC8B51A-8808-44EE-A490-57D79F83B654} 2012-08-16 16:43 - 2012-08-16 16:43 - 00003760 ____A C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD} 2012-08-16 16:28 - 2012-08-16 16:28 - 00003792 ____A C:\{924A804A-642C-468C-95A8-057C39B3A191} 2012-08-16 16:26 - 2012-08-16 16:26 - 00003760 ____A C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC} 2012-08-16 16:24 - 2012-08-16 16:24 - 00003760 ____A C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624} 2012-08-16 16:23 - 2012-08-16 16:23 - 00003752 ____A C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4} 2012-08-16 16:21 - 2012-08-16 16:21 - 00003760 ____A C:\{A5974494-044E-432C-A6D1-41279C05C090} 2012-08-16 16:19 - 2012-08-16 16:19 - 00003792 ____A C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6} 2012-08-16 16:17 - 2012-08-16 16:17 - 00003760 ____A C:\{08B1F027-9D8B-40FA-B55D-509484305936} 2012-08-16 15:11 - 2012-08-16 15:10 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RMM\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-15 19:00 - 2012-08-15 16:45 - 00000476 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job 2012-08-15 16:44 - 2012-08-15 16:44 - 00001234 ____A C:\Users\RMM\Desktop\PC Utility Kit.lnk 2012-08-15 16:37 - 2012-08-15 16:36 - 04765704 ____A (Red Dog Media, Inc.) C:\Users\RMM\Downloads\PC Utility Kit Installer.exe 2012-08-15 16:34 - 2012-08-15 16:34 - 00003760 ____A C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39} 2012-08-15 16:06 - 2012-08-15 16:06 - 00002114 ____A C:\Users\RMM\Desktop\aswMBR.txt 2012-08-15 16:06 - 2012-08-15 16:06 - 00000512 ____A C:\Users\RMM\Desktop\MBR.dat 2012-08-15 15:47 - 2012-08-15 15:47 - 00003760 ____A C:\{1C072F82-80CD-485B-83D5-52CBA779E41A} 2012-08-15 15:45 - 2012-08-15 15:45 - 00003792 ____A C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25} 2012-08-15 15:38 - 2012-08-15 15:38 - 00003792 ____A C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A} 2012-08-15 15:37 - 2012-08-15 15:37 - 00003760 ____A C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1} 2012-08-15 15:31 - 2012-08-15 15:31 - 00003792 ____A C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F} 2012-08-15 15:30 - 2012-08-15 15:30 - 00003760 ____A C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F} 2012-08-15 15:16 - 2012-08-15 15:16 - 00000856 ____A C:\Users\RMM\Downloads\Downloads - Shortcut.lnk 2012-08-15 14:37 - 2009-07-14 00:10 - 01932677 ____A C:\Windows\WindowsUpdate.log 2012-08-15 14:26 - 2012-08-15 14:24 - 04731392 ____A (AVAST Software) C:\Users\RMM\Downloads\aswMBR.exe 2012-08-15 14:22 - 2012-08-15 14:22 - 00003792 ____A C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7} 2012-08-15 13:42 - 2012-08-15 13:42 - 00003720 ____A C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5} 2012-08-15 12:38 - 2012-08-15 12:38 - 00003760 ____A C:\{0CF61C86-FE61-4A64-9937-66E5919030E5} 2012-08-15 12:18 - 2012-05-08 09:11 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-15 12:18 - 2011-06-01 20:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-14 22:48 - 2012-08-14 22:48 - 00003792 ____A C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F} 2012-08-14 22:23 - 2012-08-14 22:23 - 00003720 ____A C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7} 2012-08-14 21:49 - 2012-08-14 21:49 - 00023769 ____A C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Ament.ini 2012-08-14 21:42 - 2012-08-14 21:41 - 54097776 ____A C:\Users\RMM\Downloads\PSB210_231.exe 2012-08-14 21:24 - 2012-08-14 21:24 - 00003760 ____A C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78} 2012-08-14 21:18 - 2012-08-14 21:18 - 00003760 ____A C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5} 2012-08-14 21:14 - 2010-02-09 03:05 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk 2012-08-14 21:14 - 2010-02-09 03:05 - 00002503 ____A C:\Users\All Users\Desktop\Norton Internet Security.lnk 2012-08-14 14:31 - 2012-08-14 14:31 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(4).exe 2012-08-14 13:54 - 2012-08-14 13:54 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(3).exe 2012-08-14 13:53 - 2012-08-14 13:53 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(2).exe 2012-08-14 13:35 - 2012-08-14 13:35 - 00003760 ____A C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B} 2012-08-14 13:25 - 2012-08-14 13:25 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr.exe 2012-08-14 13:18 - 2012-08-14 13:18 - 00003792 ____A C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044} 2012-08-14 12:14 - 2012-08-14 12:13 - 00003760 ____A C:\{321D1C4C-872E-4658-A7D8-43653EC0844F} 2012-08-14 11:12 - 2012-08-14 11:12 - 02841104 ____A (Symantec Corporation) C:\Users\RMM\Downloads\NPE.exe 2012-08-14 11:05 - 2012-08-14 11:05 - 01805736 ____A (Symantec Corporation) C:\Users\RMM\Downloads\FixZeroAccess.exe 2012-07-19 15:52 - 2012-07-19 15:52 - 20275048 ____A (Microsoft Corporation) C:\Users\RMM\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE 2012-07-16 17:16 - 2012-07-16 17:15 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-07-16 17:16 - 2012-07-16 17:15 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk 2012-07-12 08:49 - 2009-07-13 23:45 - 03018408 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 23:55 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini 2012-07-11 23:51 - 2010-02-09 01:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-03 14:46 - 2012-08-16 15:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-29 00:24 - 2012-06-20 21:53 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2012-06-29 00:24 - 2012-06-20 21:53 - 00002096 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk 2012-06-25 00:15 - 2010-01-26 05:13 - 00032519 ____A C:\Windows\DirectX.log 2012-06-20 07:52 - 2009-07-14 00:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-15 09:42 - 2012-06-15 09:42 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-15 09:42 - 2012-06-15 09:42 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-11 22:08 - 2012-07-11 23:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-09 00:43 - 2012-07-11 08:18 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 23:41 - 2012-07-11 08:18 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-08 10:59 - 2010-04-13 17:07 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe 2012-06-08 10:59 - 2010-02-27 23:06 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe 2012-06-06 01:06 - 2012-07-11 08:18 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-06 01:06 - 2012-07-11 08:18 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-06 01:02 - 2012-07-11 08:18 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-06 00:05 - 2012-07-11 08:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-06 00:05 - 2012-07-11 08:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-06 00:03 - 2012-07-11 08:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-03 23:15 - 2011-08-11 14:19 - 00001013 ____A C:\Users\RMM\Desktop\Dropbox.lnk 2012-06-02 17:19 - 2012-06-24 10:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 17:19 - 2012-06-24 10:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 17:19 - 2012-06-24 10:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 17:19 - 2012-06-24 10:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 17:19 - 2012-06-24 10:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 17:15 - 2012-06-24 10:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 17:15 - 2012-06-24 10:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 16:19 - 2012-06-24 10:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 16:15 - 2012-06-24 10:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 12:21 - 2012-06-02 12:21 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-06-02 12:21 - 2012-06-02 12:21 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-06-02 07:49 - 2012-07-11 23:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 07:17 - 2012-07-11 23:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 07:12 - 2012-07-11 23:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 07:05 - 2012-07-11 23:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 07:05 - 2012-07-11 23:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 07:04 - 2012-07-11 23:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 07:04 - 2012-07-11 23:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 07:03 - 2012-07-11 23:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 07:01 - 2012-07-11 23:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 07:00 - 2012-07-11 23:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 06:59 - 2012-07-11 23:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 06:57 - 2012-07-11 23:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 06:57 - 2012-07-11 23:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 06:54 - 2012-07-11 23:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 04:07 - 2012-07-11 23:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 03:43 - 2012-07-11 23:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 03:33 - 2012-07-11 23:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 03:26 - 2012-07-11 23:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 03:25 - 2012-07-11 23:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 03:25 - 2012-07-11 23:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 03:23 - 2012-07-11 23:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 03:21 - 2012-07-11 23:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 03:20 - 2012-07-11 23:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 03:19 - 2012-07-11 23:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 03:19 - 2012-07-11 23:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 03:17 - 2012-07-11 23:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 03:16 - 2012-07-11 23:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 03:14 - 2012-07-11 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-02 00:50 - 2012-07-11 08:18 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-02 00:48 - 2012-07-11 08:18 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-02 00:48 - 2012-07-11 08:18 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 00:45 - 2012-07-11 08:18 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-02 00:44 - 2012-07-11 08:18 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 23:40 - 2012-07-11 08:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 23:40 - 2012-07-11 08:18 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 23:39 - 2012-07-11 08:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 23:34 - 2012-07-11 08:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ZeroAccess: C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20} C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\@ C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\L C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 9% Total physical RAM: 8156.85 MB Available physical RAM: 7351.02 MB Total Pagefile: 8155 MB Available Pagefile: 7351.45 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:288.85 GB) NTFS 3 Drive e: () (Removable) (Total:0.48 GB) (Free:0.05 GB) FAT 4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.99 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 488 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 14 GB 39 MB Partition 3 Primary 451 GB 14 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 F RECOVERY NTFS Partition 14 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 451 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 488 MB 116 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT Removable 488 MB Healthy ================================================================================== Last Boot: 2012-08-07 10:49 ======================= End Of Log ========================== Farbar Recovery Scan Tool Version: 15-08-2012 Ran by SYSTEM at 2012-08-17 02:04:20 Running from E:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======