I am working on a friend's system (Windows 7 Home Premium 64) that has Norton Antivirus on it, and the other day he downloaded an "Adobe Update" that turned out to not be an Adobe Update.

I ran Malwarebytes and it identified three issues:

c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\00000008.

c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\000000cb.

c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\80000032.

I finally managed to delete those from a Command Prompt window. Now, Malwarebytes is showing that the system is clean, but Norton is showing that trojan.zeroaccess!inf4 is still alive in the services.exe.

I ran Farbar and then ran a services.exe on Farbar as well and am attaching both of those reports.

I don't normally use Windows machines and am consequently even more behind the curve than normal.

Any help is greatly appreciated, thanks.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.17.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

RMM :: RMM-PC [administrator]

Protection: Enabled

8/17/2012 12:12:35 AM

mbam-log-2012-08-17 (00-12-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206281

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 17-08-2012 02:00:39

Running from E:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)

HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()

HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-06-24] (Sensible Vision )

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()

HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)

HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-07-16] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-16] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)

HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)

HKU\RMM\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\RMM\...\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26102056 2010-04-06] (Skype Technologies S.A.)

HKU\RMM\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKLM\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()

HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)

HKLM-x32\...\RunOnce: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]

Lsa: [Notification Packages] scecli

FAPassSync

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\RMM\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\RMM\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)

3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)

2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [931640 2011-11-07] (Trusteer Ltd.)

2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [271760 2009-04-16] ()

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.021\ENG64.SYS [120440 2012-08-17] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.021\EX64.SYS [2068600 2012-08-17] (Symantec Corporation)

3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-06] (Ralink Technology Corp.)

1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()

1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.)

0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.)

1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.)

1 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation)

1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2012-04-17] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-17 01:25 - 2012-08-17 01:26 - 00000000 ____D C:\FRST

2012-08-17 00:07 - 2012-08-17 00:07 - 00003720 ____A C:\{08A08690-5029-4DD2-93BD-219B6FE370E8}

2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\Application Data\mbam.context.scan

2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\AppData\Roaming\mbam.context.scan

2012-08-16 23:04 - 2012-08-16 23:05 - 00001207 ____A C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk

2012-08-16 22:12 - 2012-08-16 22:12 - 00003792 ____A C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4}

2012-08-16 19:16 - 2012-08-16 19:16 - 00003720 ____A C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76}

2012-08-16 18:28 - 2012-08-16 18:28 - 00003760 ____A C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2}

2012-08-16 17:24 - 2012-08-16 17:24 - 00003760 ____A C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39}

2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D}

2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{657D4874-07E7-41D2-A920-60E2C8BD0E55}

2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D}

2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\{657D4874-07E7-41D2-A920-60E2C8BD0E55}

2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D}

2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55}

2012-08-16 17:00 - 2012-08-16 17:00 - 00003792 ____A C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970}

2012-08-16 16:54 - 2012-08-16 16:54 - 00003760 ____A C:\{AFC8B51A-8808-44EE-A490-57D79F83B654}

2012-08-16 16:43 - 2012-08-16 16:43 - 00003760 ____A C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD}

2012-08-16 16:28 - 2012-08-16 16:28 - 00003792 ____A C:\{924A804A-642C-468C-95A8-057C39B3A191}

2012-08-16 16:26 - 2012-08-16 16:26 - 00003760 ____A C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC}

2012-08-16 16:24 - 2012-08-16 16:24 - 00003760 ____A C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624}

2012-08-16 16:23 - 2012-08-16 16:23 - 00003752 ____A C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4}

2012-08-16 16:21 - 2012-08-16 16:21 - 00003760 ____A C:\{A5974494-044E-432C-A6D1-41279C05C090}

2012-08-16 16:19 - 2012-08-16 16:19 - 00003792 ____A C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6}

2012-08-16 16:17 - 2012-08-16 16:17 - 00003760 ____A C:\{08B1F027-9D8B-40FA-B55D-509484305936}

2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\RMM\Application Data\Malwarebytes

2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\RMM\AppData\Roaming\Malwarebytes

2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes

2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-16 15:12 - 2012-07-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-16 15:10 - 2012-08-16 15:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RMM\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-15 16:45 - 2012-08-15 19:00 - 00000476 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job

2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\Application Data\PC Utility Kit

2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\Application Data\DriverCure

2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\AppData\Roaming\PC Utility Kit

2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\AppData\Roaming\DriverCure

2012-08-15 16:44 - 2012-08-16 17:20 - 00000442 ____A C:\Windows\Tasks\PC Utility Kit Update3.job

2012-08-15 16:44 - 2012-08-16 17:20 - 00000440 ____A C:\Windows\Tasks\PC Utility Kit.job

2012-08-15 16:44 - 2012-08-15 16:44 - 00001234 ____A C:\Users\RMM\Desktop\PC Utility Kit.lnk

2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Users\All Users\PC Utility Kit

2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Users\All Users\Application Data\PC Utility Kit

2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Program Files (x86)\PC Utility Kit

2012-08-15 16:36 - 2012-08-15 16:37 - 04765704 ____A (Red Dog Media, Inc.) C:\Users\RMM\Downloads\PC Utility Kit Installer.exe

2012-08-15 16:34 - 2012-08-15 16:34 - 00003760 ____A C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39}

2012-08-15 16:06 - 2012-08-15 16:06 - 00002114 ____A C:\Users\RMM\Desktop\aswMBR.txt

2012-08-15 16:06 - 2012-08-15 16:06 - 00000512 ____A C:\Users\RMM\Desktop\MBR.dat

2012-08-15 16:02 - 2012-08-15 16:02 - 00000000 __SHD C:\Windows\ftpcache

2012-08-15 16:02 - 2012-08-15 16:02 - 00000000 ____D C:\Windows\Downloaded Installations

2012-08-15 15:47 - 2012-08-15 15:47 - 00003760 ____A C:\{1C072F82-80CD-485B-83D5-52CBA779E41A}

2012-08-15 15:45 - 2012-08-15 15:45 - 00003792 ____A C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25}

2012-08-15 15:38 - 2012-08-15 15:38 - 00003792 ____A C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A}

2012-08-15 15:37 - 2012-08-15 15:37 - 00003760 ____A C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1}

2012-08-15 15:31 - 2012-08-15 15:31 - 00003792 ____A C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F}

2012-08-15 15:30 - 2012-08-15 15:30 - 00003760 ____A C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F}

2012-08-15 15:16 - 2012-08-15 15:16 - 00000856 ____A C:\Users\RMM\Downloads\Downloads - Shortcut.lnk

2012-08-15 14:24 - 2012-08-15 14:26 - 04731392 ____A (AVAST Software) C:\Users\RMM\Downloads\aswMBR.exe

2012-08-15 14:22 - 2012-08-15 14:22 - 00003792 ____A C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7}

2012-08-15 13:42 - 2012-08-15 13:42 - 00003720 ____A C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5}

2012-08-15 12:38 - 2012-08-15 12:38 - 00003760 ____A C:\{0CF61C86-FE61-4A64-9937-66E5919030E5}

2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A637E329-1310-49F7-8F38-4569D17FDB61}

2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{9697EFFD-403C-4745-A91D-41600FE071B6}

2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\{A637E329-1310-49F7-8F38-4569D17FDB61}

2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\{9697EFFD-403C-4745-A91D-41600FE071B6}

2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61}

2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6}

2012-08-14 22:48 - 2012-08-14 22:48 - 00003792 ____A C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F}

2012-08-14 22:28 - 2012-04-17 21:13 - 00043640 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys

2012-08-14 22:23 - 2012-08-14 22:23 - 00003720 ____A C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7}

2012-08-14 22:01 - 2012-08-14 22:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-08-14 21:49 - 2012-08-14 21:49 - 00023769 ____A C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta

2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini

2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Ament.ini

2012-08-14 21:41 - 2012-08-14 21:42 - 54097776 ____A C:\Users\RMM\Downloads\PSB210_231.exe

2012-08-14 21:24 - 2012-08-14 21:24 - 00003760 ____A C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78}

2012-08-14 21:18 - 2012-08-14 21:18 - 00003760 ____A C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5}

2012-08-14 14:31 - 2012-08-14 14:31 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(4).exe

2012-08-14 13:54 - 2012-08-14 13:54 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(3).exe

2012-08-14 13:53 - 2012-08-14 13:53 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(2).exe

2012-08-14 13:35 - 2012-08-14 13:35 - 00003760 ____A C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B}

2012-08-14 13:25 - 2012-08-14 13:25 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr.exe

2012-08-14 13:18 - 2012-08-14 13:18 - 00003792 ____A C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044}

2012-08-14 12:13 - 2012-08-14 12:14 - 00003760 ____A C:\{321D1C4C-872E-4658-A7D8-43653EC0844F}

2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4}

2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A659029B-D9FD-42A8-BE71-C9081FA369DF}

2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4}

2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\{A659029B-D9FD-42A8-BE71-C9081FA369DF}

2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4}

2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF}

2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\Local Settings\NPE

2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\NPE

2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\AppData\Local\NPE

2012-08-14 11:12 - 2012-08-14 11:12 - 02841104 ____A (Symantec Corporation) C:\Users\RMM\Downloads\NPE.exe

2012-08-14 11:06 - 2012-08-16 19:11 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-14 11:05 - 2012-08-14 11:05 - 01805736 ____A (Symantec Corporation) C:\Users\RMM\Downloads\FixZeroAccess.exe

2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D}

2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D}

2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D}

2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B9F73F73-B830-472A-B73C-16EFB047B9C7}

2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\{B9F73F73-B830-472A-B73C-16EFB047B9C7}

2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7}

2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{89A2C94F-4866-4CC8-934D-0F92B4B76518}

2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\Local Settings\{89A2C94F-4866-4CC8-934D-0F92B4B76518}

2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518}

2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127}

2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309}

2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127}

2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309}

2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127}

2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309}

2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F0328180-0ECD-4A21-A37C-FF946F2765EE}

2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{09554217-218F-4D25-90E4-4F81B6C0DDD5}

2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\{F0328180-0ECD-4A21-A37C-FF946F2765EE}

2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\{09554217-218F-4D25-90E4-4F81B6C0DDD5}

2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE}

2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5}

2012-08-11 17:52 - 2012-08-11 17:52 - 00000000 ___HD C:\Windows\AxInstSV

2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{837D1F1C-3597-41B3-A30C-07A708DAF902}

2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\{837D1F1C-3597-41B3-A30C-07A708DAF902}

2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902}

2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1}

2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1}

2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1}

2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4}

2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4}

2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4}

2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12}

2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12}

2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12}

2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1}

2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\Local Settings\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1}

2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1}

2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1}

2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1}

2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1}

2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB}

2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB}

2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB}

2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{991CF80A-6D78-4746-9592-18C07DE0D60F}

2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\Local Settings\{991CF80A-6D78-4746-9592-18C07DE0D60F}

2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F}

2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF}

2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF}

2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF}

2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673}

2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673}

2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673}

2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D67EA215-9F25-4610-9A89-FA536602AF56}

2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\{D67EA215-9F25-4610-9A89-FA536602AF56}

2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56}

2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3}

2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3}

2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3}

2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD}

2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\Local Settings\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD}

2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD}

2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{593B54A5-82EA-44D3-BA96-2CC0017D55EF}

2012-07-19 15:52 - 2012-07-19 15:52 - 20275048 ____A (Microsoft Corporation) C:\Users\RMM\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE

============ 3 Months Modified Files ========================

2012-08-17 01:56 - 2009-07-13 23:51 - 00253218 ____A C:\Windows\setupact.log

2012-08-17 01:53 - 2010-01-26 05:29 - 00000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log

2012-08-17 01:52 - 2010-02-27 23:06 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll

2012-08-17 01:52 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-17 01:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-17 01:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-17 01:38 - 2009-07-14 00:13 - 00803420 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-17 01:18 - 2012-05-08 09:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-17 00:07 - 2012-08-17 00:07 - 00003720 ____A C:\{08A08690-5029-4DD2-93BD-219B6FE370E8}

2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\Application Data\mbam.context.scan

2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\AppData\Roaming\mbam.context.scan

2012-08-17 00:02 - 2010-01-26 06:44 - 00499516 ____A C:\Windows\PFRO.log

2012-08-16 23:05 - 2012-08-16 23:04 - 00001207 ____A C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk

2012-08-16 22:12 - 2012-08-16 22:12 - 00003792 ____A C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4}

2012-08-16 19:16 - 2012-08-16 19:16 - 00003720 ____A C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76}

2012-08-16 19:11 - 2012-08-14 11:06 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys

2012-08-16 18:28 - 2012-08-16 18:28 - 00003760 ____A C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2}

2012-08-16 17:24 - 2012-08-16 17:24 - 00003760 ____A C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39}

2012-08-16 17:20 - 2012-08-15 16:44 - 00000442 ____A C:\Windows\Tasks\PC Utility Kit Update3.job

2012-08-16 17:20 - 2012-08-15 16:44 - 00000440 ____A C:\Windows\Tasks\PC Utility Kit.job

2012-08-16 17:00 - 2012-08-16 17:00 - 00003792 ____A C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970}

2012-08-16 16:54 - 2012-08-16 16:54 - 00003760 ____A C:\{AFC8B51A-8808-44EE-A490-57D79F83B654}

2012-08-16 16:43 - 2012-08-16 16:43 - 00003760 ____A C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD}

2012-08-16 16:28 - 2012-08-16 16:28 - 00003792 ____A C:\{924A804A-642C-468C-95A8-057C39B3A191}

2012-08-16 16:26 - 2012-08-16 16:26 - 00003760 ____A C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC}

2012-08-16 16:24 - 2012-08-16 16:24 - 00003760 ____A C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624}

2012-08-16 16:23 - 2012-08-16 16:23 - 00003752 ____A C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4}

2012-08-16 16:21 - 2012-08-16 16:21 - 00003760 ____A C:\{A5974494-044E-432C-A6D1-41279C05C090}

2012-08-16 16:19 - 2012-08-16 16:19 - 00003792 ____A C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6}

2012-08-16 16:17 - 2012-08-16 16:17 - 00003760 ____A C:\{08B1F027-9D8B-40FA-B55D-509484305936}

2012-08-16 15:11 - 2012-08-16 15:10 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RMM\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-15 19:00 - 2012-08-15 16:45 - 00000476 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job

2012-08-15 16:44 - 2012-08-15 16:44 - 00001234 ____A C:\Users\RMM\Desktop\PC Utility Kit.lnk

2012-08-15 16:37 - 2012-08-15 16:36 - 04765704 ____A (Red Dog Media, Inc.) C:\Users\RMM\Downloads\PC Utility Kit Installer.exe

2012-08-15 16:34 - 2012-08-15 16:34 - 00003760 ____A C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39}

2012-08-15 16:06 - 2012-08-15 16:06 - 00002114 ____A C:\Users\RMM\Desktop\aswMBR.txt

2012-08-15 16:06 - 2012-08-15 16:06 - 00000512 ____A C:\Users\RMM\Desktop\MBR.dat

2012-08-15 15:47 - 2012-08-15 15:47 - 00003760 ____A C:\{1C072F82-80CD-485B-83D5-52CBA779E41A}

2012-08-15 15:45 - 2012-08-15 15:45 - 00003792 ____A C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25}

2012-08-15 15:38 - 2012-08-15 15:38 - 00003792 ____A C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A}

2012-08-15 15:37 - 2012-08-15 15:37 - 00003760 ____A C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1}

2012-08-15 15:31 - 2012-08-15 15:31 - 00003792 ____A C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F}

2012-08-15 15:30 - 2012-08-15 15:30 - 00003760 ____A C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F}

2012-08-15 15:16 - 2012-08-15 15:16 - 00000856 ____A C:\Users\RMM\Downloads\Downloads - Shortcut.lnk

2012-08-15 14:37 - 2009-07-14 00:10 - 01932677 ____A C:\Windows\WindowsUpdate.log

2012-08-15 14:26 - 2012-08-15 14:24 - 04731392 ____A (AVAST Software) C:\Users\RMM\Downloads\aswMBR.exe

2012-08-15 14:22 - 2012-08-15 14:22 - 00003792 ____A C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7}

2012-08-15 13:42 - 2012-08-15 13:42 - 00003720 ____A C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5}

2012-08-15 12:38 - 2012-08-15 12:38 - 00003760 ____A C:\{0CF61C86-FE61-4A64-9937-66E5919030E5}

2012-08-15 12:18 - 2012-05-08 09:11 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-15 12:18 - 2011-06-01 20:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-14 22:48 - 2012-08-14 22:48 - 00003792 ____A C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F}

2012-08-14 22:23 - 2012-08-14 22:23 - 00003720 ____A C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7}

2012-08-14 21:49 - 2012-08-14 21:49 - 00023769 ____A C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta

2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini

2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Ament.ini

2012-08-14 21:42 - 2012-08-14 21:41 - 54097776 ____A C:\Users\RMM\Downloads\PSB210_231.exe

2012-08-14 21:24 - 2012-08-14 21:24 - 00003760 ____A C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78}

2012-08-14 21:18 - 2012-08-14 21:18 - 00003760 ____A C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5}

2012-08-14 21:14 - 2010-02-09 03:05 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk

2012-08-14 21:14 - 2010-02-09 03:05 - 00002503 ____A C:\Users\All Users\Desktop\Norton Internet Security.lnk

2012-08-14 14:31 - 2012-08-14 14:31 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(4).exe

2012-08-14 13:54 - 2012-08-14 13:54 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(3).exe

2012-08-14 13:53 - 2012-08-14 13:53 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(2).exe

2012-08-14 13:35 - 2012-08-14 13:35 - 00003760 ____A C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B}

2012-08-14 13:25 - 2012-08-14 13:25 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr.exe

2012-08-14 13:18 - 2012-08-14 13:18 - 00003792 ____A C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044}

2012-08-14 12:14 - 2012-08-14 12:13 - 00003760 ____A C:\{321D1C4C-872E-4658-A7D8-43653EC0844F}

2012-08-14 11:12 - 2012-08-14 11:12 - 02841104 ____A (Symantec Corporation) C:\Users\RMM\Downloads\NPE.exe

2012-08-14 11:05 - 2012-08-14 11:05 - 01805736 ____A (Symantec Corporation) C:\Users\RMM\Downloads\FixZeroAccess.exe

2012-07-19 15:52 - 2012-07-19 15:52 - 20275048 ____A (Microsoft Corporation) C:\Users\RMM\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE

2012-07-16 17:16 - 2012-07-16 17:15 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-07-16 17:16 - 2012-07-16 17:15 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk

2012-07-12 08:49 - 2009-07-13 23:45 - 03018408 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-11 23:55 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini

2012-07-11 23:51 - 2010-02-09 01:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 14:46 - 2012-08-16 15:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-29 00:24 - 2012-06-20 21:53 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2012-06-29 00:24 - 2012-06-20 21:53 - 00002096 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk

2012-06-25 00:15 - 2010-01-26 05:13 - 00032519 ____A C:\Windows\DirectX.log

2012-06-20 07:52 - 2009-07-14 00:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-06-15 09:42 - 2012-06-15 09:42 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-15 09:42 - 2012-06-15 09:42 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk

2012-06-11 22:08 - 2012-07-11 23:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 00:43 - 2012-07-11 08:18 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 23:41 - 2012-07-11 08:18 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 10:59 - 2010-04-13 17:07 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe

2012-06-08 10:59 - 2010-02-27 23:06 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe

2012-06-06 01:06 - 2012-07-11 08:18 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 01:06 - 2012-07-11 08:18 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 01:02 - 2012-07-11 08:18 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 00:05 - 2012-07-11 08:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 00:05 - 2012-07-11 08:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 00:03 - 2012-07-11 08:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-03 23:15 - 2011-08-11 14:19 - 00001013 ____A C:\Users\RMM\Desktop\Dropbox.lnk

2012-06-02 17:19 - 2012-06-24 10:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 17:19 - 2012-06-24 10:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 17:19 - 2012-06-24 10:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 17:19 - 2012-06-24 10:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 17:19 - 2012-06-24 10:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 17:15 - 2012-06-24 10:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 17:15 - 2012-06-24 10:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 16:19 - 2012-06-24 10:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 16:15 - 2012-06-24 10:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 12:21 - 2012-06-02 12:21 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-06-02 12:21 - 2012-06-02 12:21 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk

2012-06-02 07:49 - 2012-07-11 23:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 07:17 - 2012-07-11 23:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 07:12 - 2012-07-11 23:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 07:05 - 2012-07-11 23:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 07:05 - 2012-07-11 23:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 07:04 - 2012-07-11 23:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 07:04 - 2012-07-11 23:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 07:03 - 2012-07-11 23:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 07:01 - 2012-07-11 23:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 07:00 - 2012-07-11 23:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 06:59 - 2012-07-11 23:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 06:57 - 2012-07-11 23:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 06:57 - 2012-07-11 23:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 06:54 - 2012-07-11 23:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 04:07 - 2012-07-11 23:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 03:43 - 2012-07-11 23:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 03:33 - 2012-07-11 23:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 03:26 - 2012-07-11 23:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 03:25 - 2012-07-11 23:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 03:25 - 2012-07-11 23:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 03:23 - 2012-07-11 23:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 03:21 - 2012-07-11 23:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 03:20 - 2012-07-11 23:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 03:19 - 2012-07-11 23:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 03:19 - 2012-07-11 23:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 03:17 - 2012-07-11 23:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 03:16 - 2012-07-11 23:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 03:14 - 2012-07-11 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-02 00:50 - 2012-07-11 08:18 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 00:48 - 2012-07-11 08:18 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 00:48 - 2012-07-11 08:18 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 00:45 - 2012-07-11 08:18 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 00:44 - 2012-07-11 08:18 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 23:40 - 2012-07-11 08:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 23:40 - 2012-07-11 08:18 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 23:39 - 2012-07-11 08:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 23:34 - 2012-07-11 08:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

ZeroAccess:

C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}

C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\@

C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\L

C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8156.85 MB

Available physical RAM: 7351.02 MB

Total Pagefile: 8155 MB

Available Pagefile: 7351.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:288.85 GB) NTFS

3 Drive e: () (Removable) (Total:0.48 GB) (Free:0.05 GB) FAT

4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 488 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 14 GB 39 MB

Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 488 MB 116 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT Removable 488 MB Healthy

==================================================================================

Last Boot: 2012-08-07 10:49

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 15-08-2012

Ran by SYSTEM at 2012-08-17 02:04:20

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======


Hi, welcome!

Download ComboFix here:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Thanks for the help aliB. I ran combofix and got this:

ComboFix 12-08-17.03 - RMM 08/17/2012 12:28:38.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6045 [GMT -6:00]

Running from: c:\users\RMM\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\RMM\Documents\DPE.DUS

c:\users\RMM\g2mdlhlpx.exe

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))

.

.

2012-08-17 18:39 . 2012-08-17 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-17 06:25 . 2012-08-17 06:26 -------- d-----w- C:\FRST

2012-08-16 20:12 . 2012-08-16 20:12 -------- d-----w- c:\users\RMM\AppData\Roaming\Malwarebytes

2012-08-16 20:12 . 2012-08-16 20:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-16 20:12 . 2012-08-16 20:12 -------- d-----w- c:\programdata\Malwarebytes

2012-08-16 20:12 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-15 21:55 . 2012-08-15 21:55 -------- d-----w- c:\users\RMM\AppData\Roaming\HPAppData

2012-08-15 21:45 . 2012-08-15 21:45 -------- d-----w- c:\users\RMM\AppData\Roaming\PC Utility Kit

2012-08-15 21:45 . 2012-08-15 21:45 -------- d-----w- c:\users\RMM\AppData\Roaming\DriverCure

2012-08-15 21:44 . 2012-08-15 21:44 -------- d-----w- c:\program files (x86)\Common Files\PC Utility Kit

2012-08-15 21:44 . 2012-08-15 21:44 -------- d-----w- c:\programdata\PC Utility Kit

2012-08-15 21:44 . 2012-08-15 21:44 -------- d-----w- c:\program files (x86)\PC Utility Kit

2012-08-15 21:02 . 2012-08-15 21:02 -------- d-----w- c:\windows\Downloaded Installations

2012-08-15 21:02 . 2012-08-15 21:02 -------- d-sh--w- c:\windows\ftpcache

2012-08-15 03:28 . 2012-04-18 02:13 43640 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-08-15 03:01 . 2012-08-15 03:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-15 01:23 . 2012-08-15 22:05 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E

2012-08-14 16:12 . 2012-08-16 22:17 -------- d-----w- c:\users\RMM\AppData\Local\NPE

2012-08-14 16:06 . 2012-08-17 00:11 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-11 22:52 . 2012-08-11 22:52 -------- d--h--w- c:\windows\AxInstSV

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-17 18:42 . 2010-02-28 04:06 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-08-15 17:18 . 2012-05-08 14:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 17:18 . 2011-06-02 01:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 04:51 . 2010-02-09 06:31 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-12 03:08 . 2012-07-12 04:55 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 13:18 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-08 15:59 . 2010-04-13 22:07 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe

2012-06-08 15:59 . 2010-02-28 04:06 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2012-06-06 06:06 . 2012-07-11 13:18 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 13:18 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 13:18 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 13:18 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 13:18 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 13:18 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-24 15:12 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 15:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-24 15:12 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 15:12 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 15:12 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-24 15:12 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-24 15:12 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-24 15:11 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:15 . 2012-06-24 15:11 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 04:50 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 04:50 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 04:50 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 04:50 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 04:50 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 04:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 04:50 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 04:50 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 04:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 04:50 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 04:50 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 04:50 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 04:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 04:50 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 04:50 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 04:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 04:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 04:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 04:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 13:18 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 13:18 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 13:18 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 13:18 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 13:18 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 13:18 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 13:18 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 13:18 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 13:18 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-29 75048]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-09-17 165104]

.

c:\users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

Dropbox.lnk - c:\users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2009-06-24 22:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-09 1038088]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]

R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [2009-08-06 987648]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-08 63760]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-08-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSvia64.sys [2012-06-14 509088]

S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-08 55056]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-08 61712]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/14 12:15];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-29 01:36 146928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:18]

.

2012-08-16 c:\windows\Tasks\PC Utility Kit Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2012-08-17 c:\windows\Tasks\PC Utility Kit Update3.job

- c:\program files (x86)\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]

.

2012-08-16 c:\windows\Tasks\PC Utility Kit.job

- c:\program files (x86)\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\RMM\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Norton Vulnerability Protection: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-ComcastHSI - c:\program files (x86)\support.com\uninstall\chsi_uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-08-17 12:50:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-17 18:50

.

Pre-Run: 323,449,208,832 bytes free

Post-Run: 327,395,770,368 bytes free

.

- - End Of File - - 43B1A225540FE729F2329B5363201466


hi

Step 1

Download OTL to your Desktop

  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Step 2

Run Farbar Service Scanner


Tick "All" options.

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.


aliB, Thanks for the quick reply, here they are:

OTL logfile created on: 8/17/2012 2:31:46 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\RMM\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.16% Memory free

15.93 Gb Paging File | 13.77 Gb Available in Paging File | 86.42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 305.01 Gb Free Space | 67.62% Space Free | Partition Type: NTFS

Computer Name: RMM-PC | User Name: RMM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 14:30:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RMM\Downloads\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe

PRC - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe

PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/11/07 22:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2011/06/17 11:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/01/15 21:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

PRC - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2009/08/28 19:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2009/07/16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009/06/24 16:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

PRC - [2009/06/24 16:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

PRC - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 08:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 08:15:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll

MOD - [2012/06/14 08:14:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/14 08:14:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/30 16:01:01 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll

MOD - [2012/05/11 08:21:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/11 07:57:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/11 07:57:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/11 07:57:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/11 07:56:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/10/30 21:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/01/15 21:09:38 | 001,014,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll

MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2009/09/17 13:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2009/09/17 13:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2009/09/17 13:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2009/09/17 13:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2009/09/17 13:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2009/09/17 13:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2009/09/17 13:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2009/09/17 13:04:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll

MOD - [2009/09/11 12:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/06/24 16:32:34 | 000,089,352 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll

MOD - [2009/06/24 16:31:46 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll

MOD - [2009/06/24 16:31:00 | 000,234,760 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/09 02:16:50 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/06/25 04:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2012/08/15 11:18:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)

SRV - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)

SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)

SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/09 02:16:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/26 03:59:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)

SRV - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/04/17 20:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/04/17 20:13:31 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2012/04/17 19:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/03/23 08:39:19 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2011/08/16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2009/09/14 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009/08/06 05:59:00 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/02 08:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/07/02 08:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/07/02 08:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/07/02 08:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/06/28 22:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/06/25 22:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/06/25 05:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/25 03:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009/06/25 02:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009/06/25 02:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 15:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)

DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2012/08/17 11:27:49 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\ex64.sys -- (NAVEX15)

DRV - [2012/08/17 11:27:49 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\eng64.sys -- (NAVENG)

DRV - [2012/08/10 18:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/08 22:38:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/08 22:38:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/06/14 12:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSviA64.sys -- (IDSVia64)

DRV - [2011/12/15 11:03:14 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)

DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2009/08/28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/14 12:15:26] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A04359D-1C2B-4838-A8B1-F7BE79EC8519}

IE:64bit: - HKLM\..\SearchScopes\{5A04359D-1C2B-4838-A8B1-F7BE79EC8519}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183}

IE - HKLM\..\SearchScopes\{F072852A-0BCC-4330-81AD-A20F66D59183}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183}

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/02 20:35:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/08/17 14:30:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/02 11:21:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 16:16:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M]

[2010/02/09 00:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Extensions

[2012/06/11 16:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions

[2011/01/11 16:40:27 | 000,002,470 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\searchplugins\safesearch.xml

[2011/07/19 08:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/02/16 23:45:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/04/24 15:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/04/26 23:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/19 08:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2012/04/02 20:35:24 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPLGN

[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/08/17 12:42:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [FAStartup] File not found

O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-714534092-591680571-4139338378-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51E7255-9887-472B-909E-E592F9A510ED}: DhcpNameServer = 4.2.2.2 4.2.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA405FC1-675D-4B5B-BC6A-6119799C3D87}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 14:28:15 | 000,000,000 | R--D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8

[2012/08/17 12:50:17 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/17 12:43:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/17 12:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/17 12:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/17 12:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/17 12:02:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/17 12:01:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/17 11:17:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{06F0FBCB-106E-47E8-86C9-4DD30AF02154}

[2012/08/17 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4BD931AD-B67F-4CA7-9E4F-5D5B95E0AECA}

[2012/08/17 00:25:54 | 000,000,000 | ---D | C] -- C:\FRST

[2012/08/16 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55}

[2012/08/16 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D}

[2012/08/16 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Malwarebytes

[2012/08/16 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/16 14:12:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/15 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\HPAppData

[2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit

[2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\DriverCure

[2012/08/15 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit

[2012/08/15 15:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit

[2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit

[2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit

[2012/08/15 15:02:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012/08/15 15:02:32 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

[2012/08/15 08:45:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61}

[2012/08/15 08:45:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6}

[2012/08/14 21:28:34 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys

[2012/08/14 21:01:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/08/14 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4}

[2012/08/14 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF}

[2012/08/14 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\NPE

[2012/08/14 10:06:04 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2012/08/13 23:04:40 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D}

[2012/08/13 07:45:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518}

[2012/08/13 07:45:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7}

[2012/08/12 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127}

[2012/08/12 10:17:32 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309}

[2012/08/11 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5}

[2012/08/11 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE}

[2012/08/11 16:52:00 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV

[2012/08/11 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902}

[2012/08/11 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1}

[2012/08/10 22:13:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4}

[2012/08/10 08:22:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1}

[2012/08/10 08:22:46 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12}

[2012/08/09 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1}

[2012/08/09 08:18:18 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F}

[2012/08/09 08:18:04 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB}

[2012/08/08 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF}

[2012/08/08 11:26:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673}

[2012/08/07 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56}

[2012/08/07 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD}

[2012/08/07 11:25:42 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3}

[2012/08/06 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{593B54A5-82EA-44D3-BA96-2CC0017D55EF}

[2012/08/06 11:24:48 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E}

[2012/08/06 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{91D3D61E-800A-495E-B315-62E7D04D5377}

[2012/08/05 23:24:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E}

[2012/08/05 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0D996E-6247-4B0F-B818-3999076A925D}

[2012/08/05 08:40:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7}

[2012/08/05 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{8474DDF2-EAD0-459C-B40F-B8277E36432B}

[2012/08/04 11:47:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{463D5658-B30B-42B3-8E5D-2030832BC0E8}

[2012/08/04 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{28F7CEF4-E731-479D-AF05-59F0ED2C2787}

[2012/08/03 23:47:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F8A91784-BA0E-48A2-B46E-0CC2988CC242}

[2012/08/03 23:47:00 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B}

[2012/08/03 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6B057843-2ACA-4A9A-AE30-4DBC774971C2}

[2012/08/03 11:16:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{52D300EF-52F5-4D3B-859E-2C4631FDD93D}

[2012/08/02 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC}

[2012/08/02 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0940972B-E206-43CC-AC82-2E09491CA6FA}

[2012/08/02 07:46:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3}

[2012/08/01 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{96EC2E17-4384-46FE-ACE0-FC5842A59C14}

[2012/08/01 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{60117C8A-9AD0-4919-B211-476FC6083680}

[2012/07/31 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86}

[2012/07/31 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{79207371-F4B0-42D6-90A6-6792E2B2D1F1}

[2012/07/31 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B09D69B9-F64B-4E78-8659-C1535B5327E0}

[2012/07/30 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{13967209-734A-46EE-8378-F75FC02BFEFB}

[2012/07/30 09:31:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C}

[2012/07/30 09:31:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8}

[2012/07/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB}

[2012/07/29 09:30:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3}

[2012/07/29 09:30:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0624BC34-907A-4F4B-9306-AE9A37580D04}

[2012/07/28 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6C4A065D-3118-420D-A326-6D4D1BAAD61F}

[2012/07/28 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1}

[2012/07/28 09:29:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{EBE28A12-BD75-447B-B9ED-220B04132C69}

[2012/07/28 09:29:03 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8}

[2012/07/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350}

[2012/07/27 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4751DAAB-8D45-4430-A540-0FF564C9799E}

[2012/07/26 23:50:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{591F3CE8-744D-43AC-8040-1E1887FDA0C5}

[2012/07/26 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48}

[2012/07/26 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05}

[2012/07/25 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5D92EC0E-D32E-4FD5-B387-4455B75B147A}

[2012/07/25 10:05:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63}

[2012/07/25 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290}

[2012/07/24 22:04:57 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2A306726-00D0-455E-9D20-0F7384B484BB}

[2012/07/24 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AE4DEE3D-2C59-4223-B77C-E57733C55994}

[2012/07/24 10:04:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D05B55E7-7005-47F3-9105-570DAD623928}

[2012/07/23 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80711FD-DE96-4198-A832-25BBA3E7E453}

[2012/07/23 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{90DDC845-624E-46D5-BDAD-177F007D6CB0}

[2012/07/23 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{85C1CAEF-D585-4298-AFEA-069813DCACC3}

[2012/07/22 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B}

[2012/07/22 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AD726F8B-2977-400D-AFA0-7F836174ADE3}

[2012/07/21 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D0650365-2E00-44B3-AD69-30377163F88E}

[2012/07/21 11:28:06 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9E895D5D-E94D-4142-A96E-81BEC88D8855}

[2012/07/21 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E91597F3-A23C-4C69-BE16-D90E8E18F004}

[2012/07/20 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D7FBD547-B5C2-43D3-A7B2-150F850E7613}

[2012/07/20 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8}

[2012/07/20 10:41:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{30D51098-FAEF-41A3-895A-0921E9930B45}

[2012/07/19 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2567E23A-9109-460A-91A1-C21D453DB40E}

[2012/07/19 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F1C5AD37-A60D-457E-9A80-8311F8600FA3}

[2012/07/19 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80B05FD-6D1C-46BC-88E0-993C381DBE66}

[2012/07/18 21:48:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5}

[2010/02/09 00:40:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\RMM\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/08/17 14:34:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 14:34:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 14:33:54 | 000,803,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/17 14:33:54 | 000,678,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/17 14:33:54 | 000,127,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/17 14:27:12 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll

[2012/08/17 14:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/17 14:26:40 | 2119,839,743 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/17 12:42:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/17 12:18:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job

[2012/08/16 23:07:23 | 000,000,061 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan

[2012/08/16 23:07:07 | 000,003,720 | ---- | M] () -- C:\{08A08690-5029-4DD2-93BD-219B6FE370E8}

[2012/08/16 22:05:18 | 000,001,207 | ---- | M] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk

[2012/08/16 21:12:49 | 000,003,792 | ---- | M] () -- C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4}

[2012/08/16 18:16:16 | 000,003,720 | ---- | M] () -- C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76}

[2012/08/16 18:11:39 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2012/08/16 17:28:35 | 000,003,760 | ---- | M] () -- C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2}

[2012/08/16 16:24:03 | 000,003,760 | ---- | M] () -- C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39}

[2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job

[2012/08/16 16:00:54 | 000,003,792 | ---- | M] () -- C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970}

[2012/08/16 15:54:09 | 000,003,760 | ---- | M] () -- C:\{AFC8B51A-8808-44EE-A490-57D79F83B654}

[2012/08/16 15:43:04 | 000,003,760 | ---- | M] () -- C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD}

[2012/08/16 15:28:05 | 000,003,792 | ---- | M] () -- C:\{924A804A-642C-468C-95A8-057C39B3A191}

[2012/08/16 15:26:44 | 000,003,760 | ---- | M] () -- C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC}

[2012/08/16 15:24:43 | 000,003,760 | ---- | M] () -- C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624}

[2012/08/16 15:23:40 | 000,003,752 | ---- | M] () -- C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4}

[2012/08/16 15:21:42 | 000,003,760 | ---- | M] () -- C:\{A5974494-044E-432C-A6D1-41279C05C090}

[2012/08/16 15:19:39 | 000,003,792 | ---- | M] () -- C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6}

[2012/08/16 15:17:39 | 000,003,760 | ---- | M] () -- C:\{08B1F027-9D8B-40FA-B55D-509484305936}

[2012/08/16 14:12:25 | 000,001,135 | ---- | M] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job

[2012/08/15 16:04:44 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038

[2012/08/15 15:44:39 | 000,001,234 | ---- | M] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk

[2012/08/15 15:34:37 | 000,003,760 | ---- | M] () -- C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39}

[2012/08/15 15:06:32 | 000,000,512 | ---- | M] () -- C:\Users\RMM\Desktop\MBR.dat

[2012/08/15 14:47:35 | 000,003,760 | ---- | M] () -- C:\{1C072F82-80CD-485B-83D5-52CBA779E41A}

[2012/08/15 14:45:55 | 000,003,792 | ---- | M] () -- C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25}

[2012/08/15 14:38:52 | 000,003,792 | ---- | M] () -- C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A}

[2012/08/15 14:37:49 | 000,003,760 | ---- | M] () -- C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1}

[2012/08/15 14:31:17 | 000,003,792 | ---- | M] () -- C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F}

[2012/08/15 14:30:10 | 000,003,760 | ---- | M] () -- C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F}

[2012/08/15 13:22:13 | 000,003,792 | ---- | M] () -- C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7}

[2012/08/15 12:42:58 | 000,003,720 | ---- | M] () -- C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5}

[2012/08/15 11:38:01 | 000,003,760 | ---- | M] () -- C:\{0CF61C86-FE61-4A64-9937-66E5919030E5}

[2012/08/14 21:48:26 | 000,003,792 | ---- | M] () -- C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F}

[2012/08/14 21:28:33 | 001,967,971 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB

[2012/08/14 21:23:18 | 000,003,720 | ---- | M] () -- C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7}

[2012/08/14 20:49:11 | 000,023,769 | ---- | M] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta

[2012/08/14 20:48:28 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini

[2012/08/14 20:24:06 | 000,003,760 | ---- | M] () -- C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78}

[2012/08/14 20:18:36 | 000,003,760 | ---- | M] () -- C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5}

[2012/08/14 20:14:03 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/14 12:35:39 | 000,003,760 | ---- | M] () -- C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B}

[2012/08/14 12:18:34 | 000,003,792 | ---- | M] () -- C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044}

[2012/08/14 11:14:01 | 000,003,760 | ---- | M] () -- C:\{321D1C4C-872E-4658-A7D8-43653EC0844F}

[2012/08/09 23:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini

========== Files Created - No Company Name ==========

[2012/08/17 12:25:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/17 12:25:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/17 12:25:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/17 12:25:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/17 12:25:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/16 23:07:23 | 000,000,061 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan

[2012/08/16 23:07:07 | 000,003,720 | ---- | C] () -- C:\{08A08690-5029-4DD2-93BD-219B6FE370E8}

[2012/08/16 22:04:03 | 000,001,207 | ---- | C] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk

[2012/08/16 21:12:49 | 000,003,792 | ---- | C] () -- C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4}

[2012/08/16 18:16:13 | 000,003,720 | ---- | C] () -- C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76}

[2012/08/16 17:28:35 | 000,003,760 | ---- | C] () -- C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2}

[2012/08/16 16:24:03 | 000,003,760 | ---- | C] () -- C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39}

[2012/08/16 16:00:54 | 000,003,792 | ---- | C] () -- C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970}

[2012/08/16 15:54:09 | 000,003,760 | ---- | C] () -- C:\{AFC8B51A-8808-44EE-A490-57D79F83B654}

[2012/08/16 15:43:03 | 000,003,760 | ---- | C] () -- C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD}

[2012/08/16 15:28:05 | 000,003,792 | ---- | C] () -- C:\{924A804A-642C-468C-95A8-057C39B3A191}

[2012/08/16 15:26:43 | 000,003,760 | ---- | C] () -- C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC}

[2012/08/16 15:24:42 | 000,003,760 | ---- | C] () -- C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624}

[2012/08/16 15:23:39 | 000,003,752 | ---- | C] () -- C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4}

[2012/08/16 15:21:41 | 000,003,760 | ---- | C] () -- C:\{A5974494-044E-432C-A6D1-41279C05C090}

[2012/08/16 15:19:38 | 000,003,792 | ---- | C] () -- C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6}

[2012/08/16 15:17:38 | 000,003,760 | ---- | C] () -- C:\{08B1F027-9D8B-40FA-B55D-509484305936}

[2012/08/16 14:12:25 | 000,001,135 | ---- | C] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/08/15 15:45:09 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job

[2012/08/15 15:44:38 | 000,001,234 | ---- | C] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk

[2012/08/15 15:44:34 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job

[2012/08/15 15:44:29 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job

[2012/08/15 15:34:37 | 000,003,760 | ---- | C] () -- C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39}

[2012/08/15 15:06:32 | 000,000,512 | ---- | C] () -- C:\Users\RMM\Desktop\MBR.dat

[2012/08/15 14:47:35 | 000,003,760 | ---- | C] () -- C:\{1C072F82-80CD-485B-83D5-52CBA779E41A}

[2012/08/15 14:45:54 | 000,003,792 | ---- | C] () -- C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25}

[2012/08/15 14:38:51 | 000,003,792 | ---- | C] () -- C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A}

[2012/08/15 14:37:45 | 000,003,760 | ---- | C] () -- C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1}

[2012/08/15 14:31:16 | 000,003,792 | ---- | C] () -- C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F}

[2012/08/15 14:30:09 | 000,003,760 | ---- | C] () -- C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F}

[2012/08/15 13:22:12 | 000,003,792 | ---- | C] () -- C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7}

[2012/08/15 12:42:58 | 000,003,720 | ---- | C] () -- C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5}

[2012/08/15 11:38:01 | 000,003,760 | ---- | C] () -- C:\{0CF61C86-FE61-4A64-9937-66E5919030E5}

[2012/08/14 21:48:26 | 000,003,792 | ---- | C] () -- C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F}

[2012/08/14 21:23:18 | 000,003,720 | ---- | C] () -- C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7}

[2012/08/14 20:49:11 | 000,023,769 | ---- | C] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta

[2012/08/14 20:48:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012/08/14 20:24:06 | 000,003,760 | ---- | C] () -- C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78}

[2012/08/14 20:18:36 | 000,003,760 | ---- | C] () -- C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5}

[2012/08/14 12:35:39 | 000,003,760 | ---- | C] () -- C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B}

[2012/08/14 12:18:33 | 000,003,792 | ---- | C] () -- C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044}

[2012/08/14 11:13:57 | 000,003,760 | ---- | C] () -- C:\{321D1C4C-872E-4658-A7D8-43653EC0844F}

[2011/01/04 16:06:54 | 000,001,940 | ---- | C] () -- C:\Users\RMM\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/02/28 20:36:50 | 000,004,608 | ---- | C] () -- C:\Users\RMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/16 23:50:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/02/09 00:24:06 | 000,002,164 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\install.dat

========== LOP Check ==========

[2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer

[2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

[2010/02/25 09:24:18 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Absolute

[2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\DriverCure

[2012/08/17 14:28:42 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Dropbox

[2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit

[2010/09/27 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Trusteer

[2010/02/09 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\WildTangent

[2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Registration3.job

[2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Update3.job

[2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit.job

[2012/06/20 06:52:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2010/01/26 05:32:53 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe

[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe

[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2010/01/26 05:32:53 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe

[2010/01/26 05:32:56 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2010/01/26 05:32:56 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Users\RMM\Documents\Rick Backup\WINDOWS\explorer.exe

[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2010/01/26 05:32:56 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2010/01/26 05:32:53 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe

[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2010/01/26 05:32:56 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[2010/01/26 05:32:53 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: QMGR.DLL >

[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll

[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll

[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

[2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >

[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CNF >

[2003/12/01 00:42:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\RMM\Documents\My Webs\_vti_pvt\services.cnf

[2003/12/01 00:42:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\RMM\Documents\Rick Backup\Administrator\My Documents\My Webs\_vti_pvt\services.cnf

[2003/12/01 00:42:12 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\RMM\Documents\Rick Backup\Documents and Settings\Administrator\My Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >

[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe

[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe

[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >

[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui

[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >

[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir

< MD5 for: SERVICES.LNK >

[2004/01/07 14:13:02 | 000,001,506 | ---- | M] () MD5=57BC38A14D6EF50130B6E672A5741B9A -- C:\Users\RMM\Documents\Rick Backup\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

[2004/01/07 14:13:02 | 000,001,506 | ---- | M] () MD5=57BC38A14D6EF50130B6E672A5741B9A -- C:\Users\RMM\Documents\Rick Backup\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >

[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof

[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc

[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc

[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc

[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc

[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc

[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc

[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc

[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >

[2009/04/22 13:08:52 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >

[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml

[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >

[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe

[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe

[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe

[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe

[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe

[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]

"ServiceDll" = %systemroot%\system32\qmgr.dll

< End of report >


OTL Extras logfile created on: 8/17/2012 2:31:46 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\RMM\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.16% Memory free

15.93 Gb Paging File | 13.77 Gb Available in Paging File | 86.42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 305.01 Gb Free Space | 67.62% Space Free | Partition Type: NTFS

Computer Name: RMM-PC | User Name: RMM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{0D5DD408-718C-4EDB-91ED-1D5396B80EEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{4C2A9544-D35B-42BE-A8C0-9B21A35B8601}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{13AC9B67-96DE-4DF6-9FB8-974DD24A7AD6}" = HP Photosmart Plus B210 series Basic Device Software

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{664AE3A4-2B08-401F-9D54-471C1844838B}" = HP Photosmart Plus B210 series Product Improvement Study

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess

"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64

"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{106DADAD-B062-4de5-8D1F-3FD2AD195E49}" = PC Utility Kit

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 26

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi

"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New

"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish

"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing

"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish

"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager

"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player

"ComcastHSI" = Comcast High-Speed Internet Install Wizard

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Dell Webcam Central" = Dell Webcam Central

"GoToAssist" = GoToAssist 8.0.0.514

"HP Photo Creations" = HP Photo Creations

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)

"NIS" = Norton Internet Security

"PROR" = Microsoft Office Professional 2007

"Rapport_msi" = Rapport

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"GoToMeeting" = GoToMeeting 4.8.0.721

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/16/2012 8:36:18 PM | Computer Name = RMM-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time

stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x388 Faulting application start time: 0x01cd7c1041203a1b Faulting application

path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 8ef5a5ee-e803-11e1-8bb2-0026b921933e

Error - 8/16/2012 11:09:23 PM | Computer Name = RMM-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time

stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x380 Faulting application start time: 0x01cd7c25a9728282 Faulting application

path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: f190fa0d-e818-11e1-8ba3-0026b921933e

Error - 8/16/2012 11:46:55 PM | Computer Name = RMM-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/16/2012 11:46:55 PM | Computer Name = RMM-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/17/2012 12:33:41 AM | Computer Name = RMM-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time

stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x380 Faulting application start time: 0x01cd7c316e00aeda Faulting application

path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: b8412414-e824-11e1-933c-0026b921933e

Error - 8/17/2012 12:36:49 AM | Computer Name = RMM-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time

stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x38c Faulting application start time: 0x01cd7c31deae4320 Faulting application

path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 281392b0-e825-11e1-8ba5-0026b921933e

Error - 8/17/2012 2:34:30 AM | Computer Name = RMM-PC | Source = Application Error | ID = 1000

Description = Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time

stamp: 0x4ce79f70 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting

process id: 0x37c Faulting application start time: 0x01cd7c4247fbe581 Faulting application

path: C:\Windows\system32\LogonUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 98b5c464-e835-11e1-8e9f-0026b921933e

Error - 8/17/2012 2:53:51 AM | Computer Name = RMM-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/17/2012 2:53:51 AM | Computer Name = RMM-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 15584

Error - 8/17/2012 2:53:51 AM | Computer Name = RMM-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 15584

[ OSession Events ]

Error - 4/6/2011 12:00:52 AM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7

seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/8/2011 6:10:52 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17

seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/17/2011 3:36:23 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 796

seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/17/2011 3:36:50 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/25/2011 8:28:57 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21

seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/25/2011 8:36:20 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19

seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2011 5:35:54 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/14/2011 12:54:33 PM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1141

seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/3/2012 11:22:43 AM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4908

seconds with 1260 seconds of active time. This session ended with a crash.

Error - 5/3/2012 11:28:17 AM | Computer Name = RMM-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 327

seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 8/17/2012 2:24:11 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7034

Description = The hpqcxs08 service terminated unexpectedly. It has done this 1

time(s).

Error - 8/17/2012 2:24:11 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7034

Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 8/17/2012 2:33:50 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/17/2012 2:39:05 PM | Computer Name = RMM-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 8/17/2012 2:40:04 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/17/2012 2:42:10 PM | Computer Name = RMM-PC | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 8/17/2012 2:43:01 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10016

Description =

Error - 8/17/2012 3:06:16 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10010

Description =

Error - 8/17/2012 3:06:27 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10016

Description =

Error - 8/17/2012 4:28:11 PM | Computer Name = RMM-PC | Source = DCOM | ID = 10016

Description =

< End of report >


Wasn't letting me put them all in one post:

Farbar Service Scanner Version: 06-08-2012

Ran by RMM (administrator) on 17-08-2012 at 14:53:23

Running from "C:\Users\RMM\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Hi

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/08/16 23:07:07 | 000,003,720 | ---- | C] () -- C:\{08A08690-5029-4DD2-93BD-219B6FE370E8}
    [2012/08/16 21:12:49 | 000,003,792 | ---- | C] () -- C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4}
    [2012/08/16 18:16:13 | 000,003,720 | ---- | C] () -- C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76}
    [2012/08/16 17:28:35 | 000,003,760 | ---- | C] () -- C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2}
    [2012/08/16 16:24:03 | 000,003,760 | ---- | C] () -- C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39}
    [2012/08/16 16:00:54 | 000,003,792 | ---- | C] () -- C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970}
    [2012/08/16 15:54:09 | 000,003,760 | ---- | C] () -- C:\{AFC8B51A-8808-44EE-A490-57D79F83B654}
    [2012/08/16 15:43:03 | 000,003,760 | ---- | C] () -- C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD}
    [2012/08/16 15:28:05 | 000,003,792 | ---- | C] () -- C:\{924A804A-642C-468C-95A8-057C39B3A191}
    [2012/08/16 15:26:43 | 000,003,760 | ---- | C] () -- C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC}
    [2012/08/16 15:24:42 | 000,003,760 | ---- | C] () -- C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624}
    [2012/08/16 15:23:39 | 000,003,752 | ---- | C] () -- C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4}
    [2012/08/16 15:21:41 | 000,003,760 | ---- | C] () -- C:\{A5974494-044E-432C-A6D1-41279C05C090}
    [2012/08/16 15:19:38 | 000,003,792 | ---- | C] () -- C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6}
    [2012/08/16 15:17:38 | 000,003,760 | ---- | C] () -- C:\{08B1F027-9D8B-40FA-B55D-509484305936}
    [2012/08/15 15:34:37 | 000,003,760 | ---- | C] () -- C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39}
    [2012/08/15 14:47:35 | 000,003,760 | ---- | C] () -- C:\{1C072F82-80CD-485B-83D5-52CBA779E41A}
    [2012/08/15 14:45:54 | 000,003,792 | ---- | C] () -- C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25}
    [2012/08/15 14:38:51 | 000,003,792 | ---- | C] () -- C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A}
    [2012/08/15 14:37:45 | 000,003,760 | ---- | C] () -- C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1}
    [2012/08/15 14:31:16 | 000,003,792 | ---- | C] () -- C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F}
    [2012/08/15 14:30:09 | 000,003,760 | ---- | C] () -- C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F}
    [2012/08/15 13:22:12 | 000,003,792 | ---- | C] () -- C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7}
    [2012/08/15 12:42:58 | 000,003,720 | ---- | C] () -- C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5}
    [2012/08/15 11:38:01 | 000,003,760 | ---- | C] () -- C:\{0CF61C86-FE61-4A64-9937-66E5919030E5}
    [2012/08/14 21:48:26 | 000,003,792 | ---- | C] () -- C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F}
    [2012/08/14 21:23:18 | 000,003,720 | ---- | C] () -- C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7}
    [2012/08/14 20:24:06 | 000,003,760 | ---- | C] () -- C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78}
    [2012/08/14 20:18:36 | 000,003,760 | ---- | C] () -- C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5}
    [2012/08/14 12:35:39 | 000,003,760 | ---- | C] () -- C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B}
    [2012/08/14 12:18:33 | 000,003,792 | ---- | C] () -- C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044}
    [2012/08/14 11:13:57 | 000,003,760 | ---- | C] () -- C:\{321D1C4C-872E-4658-A7D8-43653EC0844F}

    :Files
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download the following files:

BITS.reg

Right click BITS.reg and select merge

Accept the warnings

Reboot Windows.

Open Farbar Service Scanner again and post a new scan log.


Regarding the Bits.reg, I am not clear on what you mean by "Right click...and merge". I am not getting a "merge" option. Is that after I run it?

In the meantime, here is the OTL file:

OTL logfile created on: 8/17/2012 4:00:14 PM - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\RMM\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.64% Memory free

15.93 Gb Paging File | 13.75 Gb Available in Paging File | 86.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.07 Gb Total Space | 305.22 Gb Free Space | 67.66% Space Free | Partition Type: NTFS

Drive E: | 488.00 Mb Total Space | 47.70 Mb Free Space | 9.78% Space Free | Partition Type: FAT

Computer Name: RMM-PC | User Name: RMM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 14:30:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RMM\Downloads\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe

PRC - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe

PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/11/07 22:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2011/06/17 11:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

PRC - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2009/08/28 19:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2009/07/16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2009/07/01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2009/06/24 16:31:44 | 001,942,792 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

PRC - [2009/06/24 16:31:44 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

PRC - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 08:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe

PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 08:15:08 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll

MOD - [2012/06/14 08:14:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/14 08:14:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/30 16:01:01 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll

MOD - [2012/05/11 08:21:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/11 07:57:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/11 07:57:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/11 07:57:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/11 07:56:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/10/30 21:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/09/17 13:06:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2009/09/17 13:05:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2009/09/17 13:05:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2009/09/17 13:05:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2009/09/17 13:05:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2009/09/17 13:05:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2009/09/17 13:05:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2009/09/17 13:04:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2009/09/17 13:04:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll

MOD - [2009/09/11 12:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2009/06/24 16:32:34 | 000,089,352 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll

MOD - [2009/06/24 16:31:46 | 000,059,144 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll

MOD - [2009/06/24 16:31:00 | 000,234,760 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/09 02:16:50 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/06/25 04:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2012/08/15 11:18:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)

SRV - [2012/06/08 09:59:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)

SRV - [2011/11/07 22:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)

SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/09 02:16:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/26 03:59:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2009/06/28 22:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)

SRV - [2009/06/24 16:31:22 | 002,368,776 | ---- | M] (Sensible Vision ) [Auto | Running] -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 20:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/07/05 20:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/06/06 22:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012/05/21 19:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/04/17 20:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/04/17 20:13:31 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2012/04/17 19:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/03/23 08:39:19 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/11/07 22:28:40 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2011/08/16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2009/09/14 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009/08/06 05:59:00 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/02 08:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/07/02 08:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/07/02 08:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/07/02 08:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/06/28 22:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/06/25 22:23:30 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/06/25 05:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/25 03:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2009/06/25 02:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2009/06/25 02:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 14:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 15:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)

DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2012/08/17 11:27:49 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\ex64.sys -- (NAVEX15)

DRV - [2012/08/17 11:27:49 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.048\eng64.sys -- (NAVENG)

DRV - [2012/08/10 18:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012/08/08 22:38:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/08 22:38:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/06/14 12:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSviA64.sys -- (IDSVia64)

DRV - [2011/12/15 11:03:14 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)

DRV - [2011/11/07 22:28:40 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2011/11/07 22:28:40 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2009/08/28 19:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/14 12:15:26] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5A04359D-1C2B-4838-A8B1-F7BE79EC8519}

IE:64bit: - HKLM\..\SearchScopes\{5A04359D-1C2B-4838-A8B1-F7BE79EC8519}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183}

IE - HKLM\..\SearchScopes\{F072852A-0BCC-4330-81AD-A20F66D59183}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes,DefaultScope = {F072852A-0BCC-4330-81AD-A20F66D59183}

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/02 20:35:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/08/17 16:00:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/02 11:21:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 16:16:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/17 12:49:18 | 000,000,000 | ---D | M]

[2010/02/09 00:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Extensions

[2012/06/11 16:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions

[2011/01/11 16:40:27 | 000,002,470 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\searchplugins\safesearch.xml

[2011/07/19 08:06:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/02/16 23:45:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/04/24 15:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/04/26 23:02:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/19 08:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2012/04/02 20:35:24 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPLGN

[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/08/17 12:42:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [FAStartup] File not found

O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-714534092-591680571-4139338378-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O4 - Startup: C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RMM\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-714534092-591680571-4139338378-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51E7255-9887-472B-909E-E592F9A510ED}: DhcpNameServer = 4.2.2.2 4.2.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA405FC1-675D-4B5B-BC6A-6119799C3D87}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 15:58:27 | 000,000,000 | R--D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8

[2012/08/17 15:27:15 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/08/17 12:50:17 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/17 12:43:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/17 12:25:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/17 12:25:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/17 12:25:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/17 12:02:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/17 12:01:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/17 11:17:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{06F0FBCB-106E-47E8-86C9-4DD30AF02154}

[2012/08/17 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4BD931AD-B67F-4CA7-9E4F-5D5B95E0AECA}

[2012/08/17 00:25:54 | 000,000,000 | ---D | C] -- C:\FRST

[2012/08/16 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55}

[2012/08/16 16:23:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D}

[2012/08/16 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Malwarebytes

[2012/08/16 14:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/16 14:12:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/16 14:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/15 15:55:02 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\HPAppData

[2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit

[2012/08/15 15:45:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\DriverCure

[2012/08/15 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Utility Kit

[2012/08/15 15:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Utility Kit

[2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit

[2012/08/15 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Utility Kit

[2012/08/15 15:02:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012/08/15 15:02:32 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache

[2012/08/15 08:45:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61}

[2012/08/15 08:45:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6}

[2012/08/14 21:28:34 | 000,043,640 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys

[2012/08/14 21:01:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/08/14 11:05:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4}

[2012/08/14 11:05:10 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF}

[2012/08/14 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\NPE

[2012/08/14 10:06:04 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2012/08/13 23:04:40 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D}

[2012/08/13 07:45:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518}

[2012/08/13 07:45:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7}

[2012/08/12 10:17:44 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127}

[2012/08/12 10:17:32 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309}

[2012/08/11 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5}

[2012/08/11 22:14:27 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE}

[2012/08/11 16:52:00 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV

[2012/08/11 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902}

[2012/08/11 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1}

[2012/08/10 22:13:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4}

[2012/08/10 08:22:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1}

[2012/08/10 08:22:46 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12}

[2012/08/09 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1}

[2012/08/09 08:18:18 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F}

[2012/08/09 08:18:04 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB}

[2012/08/08 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF}

[2012/08/08 11:26:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673}

[2012/08/07 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56}

[2012/08/07 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD}

[2012/08/07 11:25:42 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3}

[2012/08/06 23:25:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{593B54A5-82EA-44D3-BA96-2CC0017D55EF}

[2012/08/06 11:24:48 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E}

[2012/08/06 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{91D3D61E-800A-495E-B315-62E7D04D5377}

[2012/08/05 23:24:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E}

[2012/08/05 23:23:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0D996E-6247-4B0F-B818-3999076A925D}

[2012/08/05 08:40:13 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7}

[2012/08/05 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{8474DDF2-EAD0-459C-B40F-B8277E36432B}

[2012/08/04 11:47:56 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{463D5658-B30B-42B3-8E5D-2030832BC0E8}

[2012/08/04 11:47:45 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{28F7CEF4-E731-479D-AF05-59F0ED2C2787}

[2012/08/03 23:47:16 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F8A91784-BA0E-48A2-B46E-0CC2988CC242}

[2012/08/03 23:47:00 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B}

[2012/08/03 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6B057843-2ACA-4A9A-AE30-4DBC774971C2}

[2012/08/03 11:16:24 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{52D300EF-52F5-4D3B-859E-2C4631FDD93D}

[2012/08/02 23:15:58 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC}

[2012/08/02 07:46:22 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0940972B-E206-43CC-AC82-2E09491CA6FA}

[2012/08/02 07:46:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3}

[2012/08/01 12:15:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{96EC2E17-4384-46FE-ACE0-FC5842A59C14}

[2012/08/01 12:15:05 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{60117C8A-9AD0-4919-B211-476FC6083680}

[2012/07/31 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86}

[2012/07/31 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{79207371-F4B0-42D6-90A6-6792E2B2D1F1}

[2012/07/31 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{B09D69B9-F64B-4E78-8659-C1535B5327E0}

[2012/07/30 21:31:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{13967209-734A-46EE-8378-F75FC02BFEFB}

[2012/07/30 09:31:31 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C}

[2012/07/30 09:31:19 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8}

[2012/07/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB}

[2012/07/29 09:30:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3}

[2012/07/29 09:30:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{0624BC34-907A-4F4B-9306-AE9A37580D04}

[2012/07/28 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{6C4A065D-3118-420D-A326-6D4D1BAAD61F}

[2012/07/28 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1}

[2012/07/28 09:29:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{EBE28A12-BD75-447B-B9ED-220B04132C69}

[2012/07/28 09:29:03 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8}

[2012/07/27 11:51:08 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350}

[2012/07/27 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4751DAAB-8D45-4430-A540-0FF564C9799E}

[2012/07/26 23:50:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{591F3CE8-744D-43AC-8040-1E1887FDA0C5}

[2012/07/26 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48}

[2012/07/26 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05}

[2012/07/25 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5D92EC0E-D32E-4FD5-B387-4455B75B147A}

[2012/07/25 10:05:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63}

[2012/07/25 10:05:23 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290}

[2012/07/24 22:04:57 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2A306726-00D0-455E-9D20-0F7384B484BB}

[2012/07/24 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AE4DEE3D-2C59-4223-B77C-E57733C55994}

[2012/07/24 10:04:14 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D05B55E7-7005-47F3-9105-570DAD623928}

[2012/07/23 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80711FD-DE96-4198-A832-25BBA3E7E453}

[2012/07/23 10:03:21 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{90DDC845-624E-46D5-BDAD-177F007D6CB0}

[2012/07/23 10:03:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{85C1CAEF-D585-4298-AFEA-069813DCACC3}

[2012/07/22 22:02:41 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B}

[2012/07/22 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{AD726F8B-2977-400D-AFA0-7F836174ADE3}

[2012/07/21 23:41:34 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D0650365-2E00-44B3-AD69-30377163F88E}

[2012/07/21 11:28:06 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{9E895D5D-E94D-4142-A96E-81BEC88D8855}

[2012/07/21 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E91597F3-A23C-4C69-BE16-D90E8E18F004}

[2012/07/20 23:27:28 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{D7FBD547-B5C2-43D3-A7B2-150F850E7613}

[2012/07/20 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8}

[2012/07/20 10:41:55 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{30D51098-FAEF-41A3-895A-0921E9930B45}

[2012/07/19 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{2567E23A-9109-460A-91A1-C21D453DB40E}

[2012/07/19 10:40:59 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{F1C5AD37-A60D-457E-9A80-8311F8600FA3}

[2012/07/19 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{C80B05FD-6D1C-46BC-88E0-993C381DBE66}

[2012/07/18 21:48:07 | 000,000,000 | ---D | C] -- C:\Users\RMM\AppData\Local\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5}

[2010/02/09 00:40:32 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\RMM\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/08/17 16:06:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 16:06:21 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/17 16:04:45 | 000,803,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/17 16:04:45 | 000,678,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/17 16:04:45 | 000,127,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/17 15:57:36 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll

[2012/08/17 15:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/17 15:56:47 | 2119,839,743 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/17 15:18:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/17 12:42:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Update3.job

[2012/08/16 23:07:23 | 000,000,061 | ---- | M] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan

[2012/08/16 22:05:18 | 000,001,207 | ---- | M] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk

[2012/08/16 18:11:39 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit.job

[2012/08/16 14:12:25 | 000,001,135 | ---- | M] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job

[2012/08/15 16:04:44 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038

[2012/08/15 15:44:39 | 000,001,234 | ---- | M] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk

[2012/08/15 15:06:32 | 000,000,512 | ---- | M] () -- C:\Users\RMM\Desktop\MBR.dat

[2012/08/14 21:28:33 | 001,967,971 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB

[2012/08/14 20:49:11 | 000,023,769 | ---- | M] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta

[2012/08/14 20:48:28 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini

[2012/08/14 20:14:03 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/08/09 23:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini

========== Files Created - No Company Name ==========

[2012/08/17 12:25:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/17 12:25:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/17 12:25:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/17 12:25:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/17 12:25:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/16 23:07:23 | 000,000,061 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\mbam.context.scan

[2012/08/16 22:04:03 | 000,001,207 | ---- | C] () -- C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk

[2012/08/16 14:12:25 | 000,001,135 | ---- | C] () -- C:\Users\RMM\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/08/15 15:45:09 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Registration3.job

[2012/08/15 15:44:38 | 000,001,234 | ---- | C] () -- C:\Users\RMM\Desktop\PC Utility Kit.lnk

[2012/08/15 15:44:34 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit Update3.job

[2012/08/15 15:44:29 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PC Utility Kit.job

[2012/08/15 15:06:32 | 000,000,512 | ---- | C] () -- C:\Users\RMM\Desktop\MBR.dat

[2012/08/14 20:49:11 | 000,023,769 | ---- | C] () -- C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta

[2012/08/14 20:48:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2011/01/04 16:06:54 | 000,001,940 | ---- | C] () -- C:\Users\RMM\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/02/28 20:36:50 | 000,004,608 | ---- | C] () -- C:\Users\RMM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/16 23:50:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/02/09 00:24:06 | 000,002,164 | ---- | C] () -- C:\Users\RMM\AppData\Roaming\install.dat

========== LOP Check ==========

[2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer

[2010/11/01 07:48:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer

[2010/02/25 09:24:18 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Absolute

[2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\DriverCure

[2012/08/17 15:59:21 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Dropbox

[2012/08/15 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\PC Utility Kit

[2010/09/27 11:48:30 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\Trusteer

[2010/02/09 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\RMM\AppData\Roaming\WildTangent

[2012/08/15 18:00:00 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Registration3.job

[2012/08/17 11:17:39 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit Update3.job

[2012/08/16 16:20:36 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PC Utility Kit.job

[2012/06/20 06:52:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Ok, thanks, here it is:

Farbar Service Scanner Version: 06-08-2012

Ran by RMM (administrator) on 17-08-2012 at 16:57:53

Running from "C:\Users\RMM\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

ESET Online Scanner

  1. Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Things I would like to see in your reply:
  • Malwarebytes Results.
  • ESET scanner report.
  • Update on how your computer is running


aliB, thanks for the continued help, here are those two files:



That last post didn't come out the way I expected, and I don't know how to edit it, I'll try again:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

RMM :: RMM-PC [administrator]

Protection: Enabled

8/18/2012 2:06:03 PM

mbam-log-2012-08-18 (14-06-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200563

Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined

C:\Users\RMM\AppData\Roaming\Mozilla\Firefox\Profiles\pgy2c6en.default\extensions\milesskgrs@milesskgrs.org.xpi JS/Redirector.NCA trojan deleted - quarantined

C:\Users\RMM\Documents\Rick Backup\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application cleaned by deleting - quarantined


hi

Congratulations, your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Click Here to learn how to keep a backup of your important files
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Stay safe :wave:


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
