  #1  
October 16th, 2012, 09:38 PM
jessman1128
Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Michigan, USA
Posts: 53
Windows 7 says it detected VirTool:Win32/BeeInject

Windows 7 Professional 64-bit is reporting that it detected VirTool:Win32/BeeInject on my system. I've run scans with numerous programs (SpyBot Search & Destroy, AdAware, Malware Bytes, Microsoft Security Essentials, HitmanPro, Prevx, TDSSKiller, etc.) and none of them have found anything except tracking cookies.

Is this a false alarm, or do I need to dig deeper? If I need to dig deeper, please advise me on the best way to go about doing that.

Thank you!


  #2  
October 17th, 2012, 12:51 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
Hello jessman1128,

Just a tad curious about this:

Quote:
Windows 7 Professional 64-bit is reporting that it detected VirTool:Win32/BeeInject on my system.
Windows 7 doesn't have the functions to check or create warnings like that, so really does suggest fake security software there. Why don't we take a look.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
October 17th, 2012, 05:09 AM
jessman1128
Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Michigan, USA
Posts: 53
Thanks for the info. I'll follow your instructions tomorrow. Just wanted to quickly reply to your first comment about Windows 7. The message about VirTool:Win32/BeeInject is showing up in the Windows Action Center under the Security section. The exact message is below:

Windows has detected VirTool:Win32/BeeInject, a known PC virus, on your PC. VirTool:Win32/BeeInject has caused your PC to stop working properly 3 times, last occurring on 10/15/2012 11:40 AM.

I received this message after agreeing to let Windows send information to Microsoft about various program crashes that have occurred over the past month or two. In previous versions of Windows as soon as a program crashed it would prompt to send info to Microsoft to check for a solution to the program. I guess in Windows 7 it saves crash info in the background and pools it all together until I tell it what to do with it. After submitting it to Microsoft, that's when it came back and said I had that virus.
  #4  
October 17th, 2012, 03:41 PM
jessman1128
Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Michigan, USA
Posts: 53
(Post 1 of 2)
Here are the requested logs. OTL only created an OTL.txt file; no Extras.txt.

OTL.txt:
OTL logfile created on: 10/17/2012 9:47:10 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GR_Olson\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 62.00% Memory free
7.85 Gb Paging File | 6.22 Gb Available in Paging File | 79.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.28 Gb Total Space | 62.62 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.86 Gb Free Space | 93.40% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: E6410_IMAGE | User Name: GR_Olson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 09:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GR_Olson\Desktop\OTL.exe
PRC - [2012/08/16 11:21:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2012/08/14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\GR_Olson\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/25 03:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 03:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/01/12 17:11:48 | 000,623,960 | ---- | M] (Avaya) -- C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/15 20:07:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/05/04 16:06:34 | 000,327,680 | ---- | M] (DeviceVM, Inc.) -- D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe
PRC - [2010/05/04 16:06:34 | 000,147,456 | ---- | M] (DeviceVM, Inc.) -- D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
PRC - [2004/12/14 02:12:46 | 000,196,608 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrodist.exe
PRC - [2004/12/14 02:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 13:32:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/13 13:16:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/05 15:50:20 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012/06/04 18:35:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/04 18:35:03 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/04 18:35:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/04 18:34:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/04 18:34:54 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/16 11:23:17 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/03 17:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2010/10/28 15:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2010/10/28 15:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2010/10/16 17:17:30 | 003,427,176 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2010/10/15 20:07:52 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/24 18:07:24 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2010/07/19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/07/19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/05/26 07:54:32 | 000,258,560 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/05/26 07:53:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/12/07 00:22:14 | 001,793,976 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV:64bit: - [2009/10/22 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/01/12 17:11:48 | 000,623,960 | ---- | M] (Avaya) [Auto | Running] -- C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/13 15:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/05/04 16:06:34 | 000,327,680 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- D:\Program Files (x86)\Dell\Reader 2.1\DVMExportService.exe -- (DvmMDES)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/12/07 06:10:00 | 000,094,208 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Windows\cwbrxd.exe -- (Cwbrxd)
SRV - [2009/10/22 20:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2009/10/22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/25 02:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/04/04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/26 11:34:25 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/26 11:34:25 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/26 11:34:25 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/26 11:34:25 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/26 11:34:25 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/11 09:20:32 | 000,080,448 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV:64bit: - [2011/01/11 09:20:28 | 000,044,096 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntnvca.sys -- (NT_NvcA)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/20 18:58:40 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2010/07/14 08:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/06/21 13:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/26 07:54:38 | 000,506,880 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/06 04:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/21 15:25:04 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/03/21 15:25:04 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2010/03/21 15:25:04 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/28 11:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/01/18 08:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/01/18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2009/10/26 16:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/22 20:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009/10/22 20:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009/10/22 20:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/06/04 14:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2010/05/04 16:06:34 | 000,020,624 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- D:\Program Files (x86)\Dell\Reader 2.1\dvmio_x64.sys -- (DVMIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate06122012
IE - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GR_Olson\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GR_Olson\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: swagbucks.com (Enabled)
CHR - default_search_provider: search_url = http://www.swagbucks.com/?sfp=h&t=w&p=1&isHomeMain=true&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\GR_Olson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: TooManyTabs for Chrome = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.2_0\
CHR - Extension: Session Manager = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\8.3_0\
CHR - Extension: Do Not Track Plus = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\
CHR - Extension: AdBlock = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: Detroit Tigers = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhpigoifmplaaillkieaemdhhbhikgo\0.6.4.9_0\
CHR - Extension: Gmail = C:\Users\GR_Olson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/15 09:36:39 | 000,444,506 | R--- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 172.16.200.151 S103XK3M
O1 - Hosts: 172.16.200.151 AS400
O1 - Hosts: 172.16.200.150 AS400Server
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 15265 more lines...
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.1\DellBtrEvent.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NVC] C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe (Avaya)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\GR_Olson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GR_Olson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\GR_Olson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing

Last edited by Jintan; October 18th, 2012 at 12:47 AM.
  #5  
Old October 17th, 2012, 03:42 PM
jessman1128
(Post 2 of 2)

OTL.txt, continued

O15 - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\..Trusted Domains: emc.com ([vdc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/W...x/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.pb.com/dana-cached/...etupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7303544-A359-4D80-B3EC-A5B7C9D92C94}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1009212948-3647497400-3120408578-1001\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/17 09:46:49 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\Desktop\old files
[2012/10/17 09:33:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\GR_Olson\Desktop\aswMBR.exe
[2012/10/17 09:22:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\GR_Olson\Desktop\OTL.exe
[2012/10/16 17:48:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/10/16 17:47:28 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Local\Logos4
[2012/10/16 16:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/16 16:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/16 14:18:04 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/16 14:03:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/10/16 14:03:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/10/16 11:54:16 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/16 11:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/15 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/15 23:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/15 20:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3 Cutter and Joiner
[2012/10/15 20:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3 Cutter and Joiner
[2012/10/15 11:52:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/10/15 11:52:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/10/15 11:52:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/10/15 11:44:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/15 11:22:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/10/15 10:47:26 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Roaming\Malwarebytes
[2012/10/15 10:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/15 10:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/15 09:41:03 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Roaming\LavasoftStatistics
[2012/10/15 09:36:03 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Local\Downloaded Installations
[2012/10/15 09:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/15 09:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/10/15 09:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/10/15 09:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/15 09:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/10/11 01:57:39 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Local\{A9D155F9-6E34-4A70-8065-F48BAFC1E42E}
[2012/10/10 10:47:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 10:47:45 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 10:47:45 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 10:47:38 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 10:47:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 10:47:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 10:47:37 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 10:47:36 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 10:47:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 10:47:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 10:47:34 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 10:47:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 10:47:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 10:47:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 10:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 10:47:33 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 10:47:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 10:47:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 10:47:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 10:47:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 10:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 10:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 10:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 10:47:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 10:47:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 10:47:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 10:47:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 10:47:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 10:47:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 10:47:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 10:47:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 10:47:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 10:47:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 10:47:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 10:47:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 10:47:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 10:47:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 10:47:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 10:47:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 10:47:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 10:47:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 10:47:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 10:47:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 10:47:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 10:47:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 10:47:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 10:47:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 10:47:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 10:47:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 10:47:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 10:47:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 10:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 10:47:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 10:47:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 10:47:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 10:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 10:47:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 10:47:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 10:47:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 10:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 10:47:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 10:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 10:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 10:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 10:47:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 10:47:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 10:46:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 10:45:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 10:45:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/07 13:59:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/10/07 13:59:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/10/07 13:59:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/10/07 13:59:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/10/07 13:59:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/10/07 13:59:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/10/07 13:59:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/10/07 13:59:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/10/07 13:59:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/10/07 13:59:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/10/07 13:59:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/10/07 13:59:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/10/07 13:59:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/10/07 13:59:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/10/07 13:59:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/10/05 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\Documents\10-05-2012
[2012/10/04 22:28:50 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Roaming\Motorola
[2012/10/04 22:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/10/01 15:29:03 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\Documents\ListApi
[2012/09/27 12:59:18 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\Documents\09-27-2012
[2012/09/26 15:44:32 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\Documents\09-26-2012
[2012/09/25 22:27:45 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 16:36:01 | 000,000,000 | ---D | C] -- C:\Users\GR_Olson\AppData\Roaming\Walgreens
[2012/09/20 15:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 15:00:15 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/09/20 14:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/20 14:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/09/20 14:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/20 14:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/17 09:44:48 | 000,527,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/17 09:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/17 09:44:24 | 3162,894,336 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/17 09:43:39 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2012/10/17 09:33:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\GR_Olson\Desktop\aswMBR.exe
[2012/10/17 09:22:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GR_Olson\Desktop\OTL.exe
[2012/10/17 08:58:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009212948-3647497400-3120408578-1001UA.job
[2012/10/16 23:46:42 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009212948-3647497400-3120408578-1001Core.job
[2012/10/16 17:54:13 | 000,002,306 | ---- | M] () -- C:\Users\GR_Olson\Desktop\Logos Bible Software 4.lnk
[2012/10/16 16:34:30 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 16:34:30 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/16 16:29:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/16 15:25:21 | 000,604,068 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash
[2012/10/16 15:25:19 | 000,604,057 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121016152519.gnucash
[2012/10/16 15:20:09 | 000,604,035 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121016152009.gnucash
[2012/10/16 14:14:15 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/16 14:14:15 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/16 14:14:15 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/16 12:42:29 | 000,603,883 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121016124229.gnucash
[2012/10/15 16:25:53 | 000,603,887 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015162553.gnucash
[2012/10/15 16:14:24 | 000,603,971 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015161424.gnucash
[2012/10/15 14:30:25 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini
[2012/10/15 14:26:56 | 000,603,975 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015142656.gnucash
[2012/10/15 14:24:27 | 000,602,879 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015142427.gnucash
[2012/10/15 14:05:16 | 000,602,305 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015140516.gnucash
[2012/10/15 11:58:07 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 11:58:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/15 09:36:39 | 000,444,506 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2012/10/10 21:00:45 | 000,002,509 | ---- | M] () -- C:\Users\GR_Olson\Desktop\Google Chrome.lnk
[2012/10/10 13:17:54 | 000,602,304 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121010131754.gnucash
[2012/10/10 11:27:01 | 000,601,841 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121010112701.gnucash
[2012/10/08 15:47:02 | 000,601,686 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121008154702.gnucash
[2012/10/08 12:51:26 | 000,601,683 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121008125126.gnucash
[2012/10/08 12:33:41 | 000,601,180 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121008123341.gnucash
[2012/10/05 17:57:20 | 000,601,175 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121005175720.gnucash
[2012/10/05 14:51:28 | 000,600,767 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121005145128.gnucash
[2012/10/02 09:29:19 | 000,600,767 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121002092918.gnucash
[2012/10/01 17:01:29 | 000,601,181 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001170129.gnucash
[2012/10/01 16:55:59 | 000,600,962 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001165559.gnucash
[2012/10/01 16:50:51 | 000,601,035 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001165051.gnucash
[2012/10/01 16:40:34 | 000,600,159 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001164034.gnucash
[2012/09/28 15:47:53 | 000,600,068 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928154753.gnucash
[2012/09/28 15:39:47 | 000,599,952 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928153947.gnucash
[2012/09/28 15:36:17 | 000,102,975 | ---- | M] () -- C:\Users\GR_Olson\Documents\HealthPort payment confirmation.pdf
[2012/09/28 14:53:51 | 000,599,637 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928145351.gnucash
[2012/09/28 11:09:47 | 000,599,259 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928110947.gnucash
[2012/09/28 11:03:32 | 000,598,815 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928110332.gnucash
[2012/09/28 09:54:18 | 000,598,324 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928095418.gnucash
[2012/09/27 17:09:19 | 000,598,326 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120927170919.gnucash
[2012/09/27 15:16:59 | 000,598,228 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120927151659.gnucash
[2012/09/27 14:22:43 | 000,598,120 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120927142243.gnucash
[2012/09/27 13:09:48 | 000,065,745 | ---- | M] () -- C:\Users\GR_Olson\Documents\adrienne allied waste fax.pdf
[2012/09/26 17:46:34 | 000,597,913 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120926174634.gnucash
[2012/09/26 17:05:08 | 000,597,867 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120926170508.gnucash
[2012/09/26 16:58:32 | 000,597,272 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120926165832.gnucash
[2012/09/26 15:59:30 | 000,170,134 | ---- | M] () -- C:\Users\GR_Olson\Documents\2011 MI Schedule W.pdf
[2012/09/26 15:59:16 | 000,169,227 | ---- | M] () -- C:\Users\GR_Olson\Documents\2011 MI 1040 page 2.pdf
[2012/09/26 15:58:23 | 000,177,356 | ---- | M] () -- C:\Users\GR_Olson\Documents\2011 MI 1040 page 1.pdf
[2012/09/25 16:29:08 | 000,597,162 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925162908.gnucash
[2012/09/25 15:57:19 | 000,597,029 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925155719.gnucash
[2012/09/25 15:50:16 | 000,596,895 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925155016.gnucash
[2012/09/25 15:37:16 | 000,596,773 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925153716.gnucash
[2012/09/25 15:24:57 | 000,596,790 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925152457.gnucash
[2012/09/25 15:19:41 | 000,596,576 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925151941.gnucash
[2012/09/25 15:14:26 | 000,595,769 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925151426.gnucash
[2012/09/25 10:08:11 | 000,595,669 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925100811.gnucash
[2012/09/21 18:15:23 | 000,595,437 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921181523.gnucash
[2012/09/21 15:23:28 | 000,595,328 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921152328.gnucash
[2012/09/21 13:36:34 | 000,594,519 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921133634.gnucash
[2012/09/21 13:27:46 | 000,593,947 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921132746.gnucash
[2012/09/21 13:22:35 | 000,593,498 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921132235.gnucash
[2012/09/21 13:17:07 | 000,593,236 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921131707.gnucash
[2012/09/20 15:28:27 | 000,593,105 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920152827.gnucash
[2012/09/20 15:00:21 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 11:04:17 | 000,001,510 | ---- | M] () -- C:\Users\GR_Olson\.recently-used.xbel
[2012/09/20 10:57:38 | 000,592,913 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920105738.gnucash
[2012/09/20 10:45:26 | 000,592,618 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920104526.gnucash
[2012/09/20 10:39:58 | 000,591,615 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920103958.gnucash
[2012/09/20 10:33:08 | 000,591,477 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920103308.gnucash
[2012/09/20 10:18:29 | 000,591,189 | ---- | M] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920101829.gnucash
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/17 09:43:39 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2012/10/16 17:54:13 | 000,002,314 | ---- | C] () -- C:\Users\GR_Olson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software 4.lnk
[2012/10/16 17:54:13 | 000,002,306 | ---- | C] () -- C:\Users\GR_Olson\Desktop\Logos Bible Software 4.lnk
[2012/10/16 15:25:19 | 000,604,057 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121016152519.gnucash
[2012/10/16 15:20:09 | 000,604,035 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121016152009.gnucash
[2012/10/16 12:42:29 | 000,603,883 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121016124229.gnucash
[2012/10/15 19:04:10 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/15 16:25:53 | 000,603,887 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015162553.gnucash
[2012/10/15 16:14:24 | 000,603,971 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015161424.gnucash
[2012/10/15 14:30:19 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/15 14:26:56 | 000,603,975 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015142656.gnucash
[2012/10/15 14:24:27 | 000,602,879 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015142427.gnucash
[2012/10/15 14:05:16 | 000,602,305 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121015140516.gnucash
[2012/10/15 11:52:58 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/10/15 11:52:58 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
[2012/10/15 11:52:58 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2012/10/15 11:52:58 | 000,001,133 | ---- | C] () -- C:\Users\GR_Olson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/10/15 11:52:58 | 000,001,059 | ---- | C] () -- C:\Users\GR_Olson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/15 11:52:58 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/10/10 13:17:54 | 000,602,304 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121010131754.gnucash
[2012/10/10 11:27:01 | 000,601,841 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121010112701.gnucash
[2012/10/08 15:47:02 | 000,601,686 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121008154702.gnucash
[2012/10/08 12:51:26 | 000,601,683 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121008125126.gnucash
[2012/10/08 12:33:41 | 000,601,180 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121008123341.gnucash
[2012/10/05 17:57:20 | 000,601,175 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121005175720.gnucash
[2012/10/05 14:51:28 | 000,600,767 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121005145128.gnucash
[2012/10/02 09:29:18 | 000,600,767 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121002092918.gnucash
[2012/10/01 17:01:29 | 000,601,181 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001170129.gnucash
[2012/10/01 16:55:59 | 000,600,962 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001165559.gnucash
[2012/10/01 16:50:51 | 000,601,035 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001165051.gnucash
[2012/10/01 16:40:34 | 000,600,159 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20121001164034.gnucash
[2012/09/28 15:47:53 | 000,600,068 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928154753.gnucash
[2012/09/28 15:39:47 | 000,599,952 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928153947.gnucash
[2012/09/28 15:36:16 | 000,102,975 | ---- | C] () -- C:\Users\GR_Olson\Documents\HealthPort payment confirmation.pdf
[2012/09/28 14:53:51 | 000,599,637 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928145351.gnucash
[2012/09/28 11:09:47 | 000,599,259 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928110947.gnucash
[2012/09/28 11:03:32 | 000,598,815 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928110332.gnucash
[2012/09/28 09:54:18 | 000,598,324 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120928095418.gnucash
[2012/09/27 17:09:19 | 000,598,326 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120927170919.gnucash
[2012/09/27 15:16:59 | 000,598,228 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120927151659.gnucash
[2012/09/27 14:22:43 | 000,598,120 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120927142243.gnucash
[2012/09/27 13:09:48 | 000,065,745 | ---- | C] () -- C:\Users\GR_Olson\Documents\adrienne allied waste fax.pdf
[2012/09/26 17:46:34 | 000,597,913 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120926174634.gnucash
[2012/09/26 17:05:08 | 000,597,867 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120926170508.gnucash
[2012/09/26 16:58:32 | 000,597,272 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120926165832.gnucash
[2012/09/26 15:59:30 | 000,170,134 | ---- | C] () -- C:\Users\GR_Olson\Documents\2011 MI Schedule W.pdf
[2012/09/26 15:59:15 | 000,169,227 | ---- | C] () -- C:\Users\GR_Olson\Documents\2011 MI 1040 page 2.pdf
[2012/09/26 15:58:22 | 000,177,356 | ---- | C] () -- C:\Users\GR_Olson\Documents\2011 MI 1040 page 1.pdf
[2012/09/25 16:29:08 | 000,597,162 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925162908.gnucash
[2012/09/25 15:57:19 | 000,597,029 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925155719.gnucash
[2012/09/25 15:50:16 | 000,596,895 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925155016.gnucash
[2012/09/25 15:37:16 | 000,596,773 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925153716.gnucash
[2012/09/25 15:24:57 | 000,596,790 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925152457.gnucash
[2012/09/25 15:19:41 | 000,596,576 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925151941.gnucash
[2012/09/25 15:14:26 | 000,595,769 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925151426.gnucash
[2012/09/25 10:08:11 | 000,595,669 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120925100811.gnucash
[2012/09/21 18:15:23 | 000,595,437 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921181523.gnucash
[2012/09/21 15:23:28 | 000,595,328 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921152328.gnucash
[2012/09/21 13:36:34 | 000,594,519 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921133634.gnucash
[2012/09/21 13:27:46 | 000,593,947 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921132746.gnucash
[2012/09/21 13:22:35 | 000,593,498 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921132235.gnucash
[2012/09/21 13:17:07 | 000,593,236 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120921131707.gnucash
[2012/09/20 15:28:27 | 000,593,105 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920152827.gnucash
[2012/09/20 15:00:21 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 11:04:17 | 000,001,510 | ---- | C] () -- C:\Users\GR_Olson\.recently-used.xbel
[2012/09/20 10:57:38 | 000,592,913 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920105738.gnucash
[2012/09/20 10:45:26 | 000,592,618 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920104526.gnucash
[2012/09/20 10:39:58 | 000,591,615 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920103958.gnucash
[2012/09/20 10:33:08 | 000,591,477 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920103308.gnucash
[2012/09/20 10:18:29 | 000,591,189 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash.20120920101829.gnucash
[2012/08/05 19:19:52 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/04/02 11:29:58 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 22:06:09 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
[2012/03/04 00:58:47 | 000,001,477 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\recently-used.xbel
[2012/03/03 16:54:48 | 000,604,068 | ---- | C] () -- C:\Users\GR_Olson\AppData\Local\jesseolsondata.gnucash
[2011/05/25 08:12:59 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/05/18 11:35:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/03/26 13:18:37 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2011/03/26 13:18:37 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2011/03/26 13:18:37 | 000,259,176 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2011/03/26 11:40:50 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


gmer.txt
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-17 10:17:28
Windows 6.1.7601 Service Pack 1
Running: djg4dl8k.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eecfa78
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eed141c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eed141e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eecfa78 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eed141c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eed141e (not active ControlSet)

---- EOF - GMER 1.0.15 ----
[/CODE]

aswMBR.txt
[CODE]aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-17 10:20:09
-----------------------------
10:20:09.081 OS Version: Windows x64 6.1.7601 Service Pack 1
10:20:09.081 Number of processors: 4 586 0x2505
10:20:09.082 ComputerName: E6410_IMAGE UserName: GR_Olson
10:20:09.690 Initialize success
10:20:53.265 AVAST engine defs: 12101700
10:23:00.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:23:00.117 Disk 0 Vendor: TOSHIBA_ LH01 Size: 152627MB BusType: 8
10:23:00.138 Disk 0 MBR read successfully
10:23:00.142 Disk 0 MBR scan
10:23:00.148 Disk 0 Windows VISTA default MBR code
10:23:00.153 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:23:00.169 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
10:23:00.184 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 149788 MB offset 1622016
10:23:00.190 Disk 0 Partition - 00 0F Extended LBA 2044 MB offset 308387840
10:23:00.217 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 2043 MB offset 308389888
10:23:00.264 Disk 0 scanning C:\Windows\system32\drivers
10:23:11.980 Service scanning
10:23:42.409 Modules scanning
10:23:42.750 Disk 0 trace - called modules:
10:23:42.817 ntoskrnl.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys iaStor.sys hal.dll
10:23:42.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006775060]
10:23:42.834 3 CLASSPNP.SYS[fffff88001b7f43f] -> nt!IofCallDriver -> [0xfffffa8006609ad0]
10:23:42.842 5 stdfltn.sys[fffff88001a4daf2] -> nt!IofCallDriver -> [0xfffffa800434b3e0]
10:23:42.850 7 ACPI.sys[fffff88000f1b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800434e050]
10:23:43.641 AVAST engine scan C:\Windows
10:23:45.709 AVAST engine scan C:\Windows\system32
10:27:11.886 AVAST engine scan C:\Windows\system32\drivers
10:27:28.435 AVAST engine scan C:\Users\GR_Olson
10:33:41.670 AVAST engine scan C:\ProgramData
10:34:51.566 Scan finished successfully
10:36:07.036 Disk 0 MBR has been saved successfully to "C:\Users\GR_Olson\Desktop\MBR.dat"
10:36:07.044 The log file has been saved successfully to "C:\Users\GR_Olson\Desktop\aswMBR.txt"
[/CODE]

Last edited by Jintan; October 18th, 2012 at 12:49 AM.

  #6  
October 18th, 2012, 01:00 AM
Jintan
Malware Removal Team Advisor
I am really unaware of any function that has Windows knowing what a "VirTool:Win32/BeeInject" is. It doesn't have a built-in security function of its own. Maybe Windows Defender?

Some adware showing here, but need that second OTL Extras.txt to check that. If it didn't create one:

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

  #7  
October 18th, 2012, 05:03 AM
jessman1128
Member
Uninstall list:

AccelerometerP11
Adobe Acrobat 7.0 Standard
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
aioscnnr
Amazon MP3 Downloader 1.0.17
Amazon Unbox Video
Apple Application Support
Apple Software Update
Avidemux 2.5
C4USelfUpdater
center
Cisco WebEx Meetings
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Coupon Printer for Windows
CyberLink PowerDVD 9.5
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
DirectX 9 Runtime
eReg
essentials
Evernote v. 4.5.8
Family Tree Maker 2012
Family Tree Maker 2012
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.4.0
GIMP 2.6.12-2
GnuCash 2.4.10
HijackThis 2.0.2
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java 7 Update 7
Junk Mail filter update
Kindle Collection Manager
KODAK AiO Software
Legacy 7.5
LEGO Digital Designer
LiPS Common/Support Files
Logos 4 Prerequisites
Logos Bible Software 4
Lotus Notes 8.5 (Basic)
McAfee Agent
McAfee VirusScan Enterprise
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Movie Rotator 1.2
Mp3 Cutter and Joiner 1.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.2 MuseScore score typesetter
ocr
PhotoShowExpress
PreReq
QuickTime
Reader 2.1
Reader 2.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Creator Starter
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Sonic CinePlayer Decoder Pack
UltraEdit 16.20
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinFF 1.4.2
YNAB 4 version 4.1.140

  #8  
October 19th, 2012, 01:01 AM
Jintan
Malware Removal Team Advisor
Not seeing any level of activity suggesting why that warning is showing, but let's go ahead and run a scan against that info.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Important!


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

  #9  
October 19th, 2012, 08:49 PM
jessman1128
Member
I found the extras.txt from OTL. Am posting both that as well as the combofix log.

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GR_Olson\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 43.61% Memory free
7.85 Gb Paging File | 4.34 Gb Available in Paging File | 55.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.28 Gb Total Space | 62.59 Gb Free Space | 42.79% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.86 Gb Free Space | 93.40% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: E6410_IMAGE | User Name: GR_Olson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1009212948-3647497400-3120408578-1001\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E9CC67-433F-4827-8F4F-6FBAEF4588B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{098B66BB-1180-4CC5-8DEC-2E646A72B883}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0AD7622D-C008-4E8D-9DE8-EEC80199A1AC}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{1CD92E39-43B9-48AB-AF58-57EB245576D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F72678B-BE4A-4B75-8697-A189952DCD30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{241912CF-FB1C-4BD4-9E71-36CAA8E7F850}" = lport=138 | protocol=17 | dir=in | app=system |
"{24594A4A-9B69-4CB0-8227-64A2D906EBB4}" = lport=139 | protocol=6 | dir=in | app=system |
"{2534E54C-BB39-4B6D-A4FA-78BF5DEDE682}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2981CC50-ED4E-4347-9174-A98F95619FF6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AD28B5A-D141-4095-B8D1-3B83D5D59321}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{31D79806-8E44-4DA2-93A2-BB1A0C84C0A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{437C17CB-C1D0-4CEC-8F68-9904CCB901D7}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BF23150-C229-4FEA-9E0F-EE7CF590C9A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E48000D-10DB-4029-BCA4-BFBA14821AFB}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{6242DAA5-D2A9-445E-890F-18EB74DB33CA}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{6E82C1CA-2691-4396-90D8-FE462DF9C979}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6EE38273-C1A0-4692-A2B8-B67125287B05}" = lport=445 | protocol=6 | dir=in | app=system |
"{86ACBF51-399B-4E41-B494-F9C4AAE075F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{87FFB207-AAF4-44C0-9DB2-5F8E3ED50130}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A269EC0-1129-48E7-B618-E673DC05F4BC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{900A63C5-A9A1-4A87-BFE8-5063CC331A8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A54BAF4E-BE6C-4C26-84DD-954D4279C620}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B1F6AC27-5CAB-468E-99F4-788B38FFE50F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B87601F7-3BC0-45E9-8512-1CB76BDCA91C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B8A02A51-9BD5-4C16-8EAD-BA87F84CA3C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2B44875-B871-4E53-8719-0476682E5676}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{DD840017-6D3B-4EB7-B41C-A772872F78CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{E89B5C3F-8C26-43BA-8A8B-9A421414B487}" = rport=137 | protocol=17 | dir=out | app=system |
"{F197FE1F-C4AF-45EA-9455-25C78454E195}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{FD8035A3-9510-4CD1-B36C-066382D7EC65}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DC6438-E08C-4E06-BE2C-87E0A7ED7012}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{199828F2-B21E-42EF-B10A-A70EDF398420}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{1A7CDC80-0C0A-4C1F-A5C4-C8E12A31B0DA}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{1E07AEC2-2963-47EA-B20E-FFD165DCD1DC}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |
"{208EE03C-B0AE-469F-8691-7449D23DEC6A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{220BB0C9-50A3-4D7C-87E4-B0E83B7B5323}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{22736121-9276-4246-AA07-FC2A4FD688B2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2398E3B0-5A07-4E0A-918A-81C8E28790E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24A415B6-269A-46D6-92BC-7B6C92487F0D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{277E1DC1-9B29-4282-8B69-6507908E3CE3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{2B4D91F8-9ADE-44FF-AF88-95C2B1EAEEFA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2DB051A4-74AC-4A4C-BDEA-BCBCA0D430E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EA3997C-065F-4B4F-B9FF-889EA27378CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30F38A3B-C5B3-40CA-A86E-281B7382B558}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{34845AE3-BDC8-4F94-840A-BED20ADB9E56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37B73CC1-0B1C-4001-B07B-E1A91BE11ED6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3809E637-0132-4247-BDB6-498EAB3E43A1}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{39726D1F-AD81-4146-96C2-4C9915EFADA7}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{3DA2A3F2-BE1D-4074-97BA-A6FAC3FA48D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42445FAF-7C3B-4963-9344-DC55D362476F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{48AF7E93-5BFD-4917-98EA-4FFEC0922949}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D339C0C-081A-44CC-8E3F-607EDD9E081C}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{5046D174-F12F-4FD0-BBB1-805AF325DCDB}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{5239FC60-5DF1-4654-B987-EB663C0FA03E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{589B2DB0-0272-4472-A94E-7077BE2A1495}" = protocol=6 | dir=out | app=system |
"{5A906EC1-503E-46C8-AAC8-4B1CA9C4D326}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{5D124679-30E9-4755-8467-B95D892669CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6577EE56-0BC5-4D49-8EEC-9A2F0F4AB6EB}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{68F2B830-41F6-421C-82A3-A938E729D88C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{734E85A0-B591-4C53-98C0-4B4A04D3D02B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A8CD437-47FD-4D22-8391-10CAD60F44AE}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{7D163992-DB20-4C7D-AD5F-E3DCB6BFAEAF}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{82E1A55E-9FF0-423C-968B-8C2C1FB743CA}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{846F5C2B-C461-4F6B-A82B-A82E03FACAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{8496D190-A450-4398-A1B0-C362C1EE9572}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{858C1D98-C496-47EE-8AFE-560409F7771F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93252765-89E7-44DA-82B9-1258F9A8A47D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{95F61198-C7F9-456B-8B26-0DB32AFCDD99}" = protocol=6 | dir=in | app=c:\users\gr_olson\appdata\roaming\dropbox\bin\dropbox.exe |
"{A3B7670B-D0EE-4327-868F-8345349A6642}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A65DFBA5-4024-4922-AB21-36C0B607A7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{AC16E7F6-69DD-49B0-A748-6B73DC6E39D3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AF30C52B-9CE6-46E0-B9B0-D852EBDBED6F}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B0C95628-4601-41A5-A5E8-3F410D768173}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B0CCAB32-33FE-4CFA-ABFE-A97423F44FAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B1283009-8257-48DF-B96B-E6C91118F37E}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{B34C339B-0D36-4107-B34A-40336A69D7CC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B37CBD89-BBE4-4618-AB32-4C8AE0EACE33}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{B60C789C-2378-4D00-B641-02461637FFFD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{B7A7D760-7B57-4EF5-9A83-F81C879DECED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7D9974A-742C-41B4-A2E5-67C2A77A0362}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{BDE00EB7-4235-4445-A257-E25854D7DC36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CF88FCFE-4257-4CEC-AC21-E24690E8DE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{D393AF61-A04A-4E11-9CE3-D5150F590E20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4872438-54DB-4357-A4E2-5F122371822F}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{D63A2E60-AC83-463B-A1D2-10825900B86F}" = protocol=17 | dir=in | app=c:\users\gr_olson\appdata\roaming\dropbox\bin\dropbox.exe |
"{D651C4CB-0D60-43F6-B1B9-E3232AD1E4DC}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |
"{D986BE4A-91C9-4164-A3EC-308C19658D5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA1E70F7-398A-4244-94BF-E0B357BD5C03}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DCAB64FC-550D-4BD6-A482-6A392F74C974}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{DD54A022-2D5F-49A0-857F-783B324ECF2A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{DEF55ADB-4462-4B76-AB80-467FB4A32389}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3514AA8-8B35-4623-BF6F-CDFE579B5547}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E70186AF-9BFA-4587-8521-0B9D4500E206}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA01594C-0E22-4290-B6A0-5D6CD12D2C11}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{FCB0CFB3-130A-44B2-8204-0EC12C439144}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{FF961618-5F92-4CF6-9147-85C2553BD3B8}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"TCP Query User{025C3F25-AEDE-4D64-88A7-5BB4C012E80F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{042517C6-5706-4DC9-A676-5AF2C278B8EF}C:\users\gr_olson\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\gr_olson\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2A145EB8-6AB7-41C2-8CC5-F1B98AE06FD1}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |
"TCP Query User{2A55651C-8672-4468-AFAE-146684485E76}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{33195C46-D0EA-4BD3-A85E-9C3E09A035A3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{41E3EC54-F14B-429D-A29A-E649DB4F304D}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |
"TCP Query User{4D7D9FFF-969E-4276-A305-7097D7E33D98}C:\program files (x86)\ibm\client access\cwbunnav.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\client access\cwbunnav.exe |
"TCP Query User{94859125-6D22-4634-BDEE-730F74D87D1F}C:\program files (x86)\ibm\client access\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\client access\jre\bin\javaw.exe |
"TCP Query User{A85ED897-8848-416F-ACFC-36F08D077AF0}C:\program files\backup assistant plus\verizon.exe" = protocol=6 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |
"UDP Query User{1243ADAC-6266-4DF8-8977-2345D739422B}C:\program files (x86)\ibm\client access\cwbunnav.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\client access\cwbunnav.exe |
"UDP Query User{17E89EA6-1042-44A0-941E-5C2BCEBB6979}C:\program files\backup assistant plus\verizon.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\verizon.exe |
"UDP Query User{27939065-D318-4534-991A-F6D998888396}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{3B6B3976-DDD0-4858-8313-A48448BB1129}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{3F1540D2-5C1C-48D1-B2D1-204951C30CCB}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |
"UDP Query User{5B499F1B-4A67-4D67-9C4D-57CB2B1734D2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{6C3A94C7-69A4-4F55-89FC-E03967D5938A}C:\program files\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | dir=in | app=c:\program files\backup assistant plus\v cast backup scheduler.exe |
"UDP Query User{B6957AC4-C9A2-404B-BFA4-D79815EE74DD}C:\users\gr_olson\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\gr_olson\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{CD6D84A5-9845-479E-A6C8-C50B46A8387C}C:\program files (x86)\ibm\client access\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\client access\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0DB0EA38-E806-44ED-A892-489F2E305080}" = Dell System Manager
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{164EB883-354E-4290-AD76-67CEE65403A3}" = IBM System i Access for Windows V6R1M0
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{4EC5CF64-2E59-411D-0112-220111004108}" = Nortel VPN Client
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D377B43D-DF58-4D54-A809-781D4F576FE6}" = CrashPlan
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCSI" = Prevx
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 15.2.89.0
"sp6" = Logitech SetPoint 6.32
"Ultravnc2_is1" = UltraVNC 1.0.8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{800BD69E-5CB4-42EA-863F-A9D5B31385F0}" = Logos Bible Software 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}" = UltraEdit 16.20
"{BC08597F-843A-4120-8CDB-FB337C36E86E}" = Logos 4 Prerequisites
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D94AA826-D4EF-49EA-A0D6-6800D15DC0CF}" = Lotus Notes 8.5 (Basic)
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2AC4B4E-DE52-4578-B156-074D751B8B2E}" = Kindle Collection Manager
"{F8D2BE6A-B725-47CD-A931-639A24B8EF10}" = Reader 2.1
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.ynab.YNAB4.LiveCaptive_is1" = YNAB 4 version 4.1.140
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Family Tree Maker 2012" = Family Tree Maker 2012
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.4.0
"GnuCash_is1" = GnuCash 2.4.10
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Legacy 7.5" = Legacy 7.5
"LiPS Common/Support Files " = LiPS Common/Support Files
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Movie Rotator_is1" = Movie Rotator 1.2
"Mp3 Cutter and Joiner_is1" = Mp3 Cutter and Joiner 1.0
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"New LEGO Digital Designer" = LEGO Digital Designer
"Office14.SingleImage" = Microsoft Office Professional 2010
"Reader2.1" = Reader 2.1
"VLC media player" = VLC media player 2.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinFF_is1" = WinFF 1.4.2
"WinGimp-2.0_is1" = GIMP 2.6.12-2
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1009212948-3647497400-3120408578-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2012 8:59:07 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55755459

Error - 10/15/2012 8:59:07 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55755459

Error - 10/15/2012 8:59:08 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/15/2012 8:59:08 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55756505

Error - 10/15/2012 8:59:08 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55756505

Error - 10/15/2012 8:59:09 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/15/2012 8:59:09 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55757565

Error - 10/15/2012 8:59:09 AM | Computer Name = E6410_IMAGE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55757565

Error - 10/15/2012 8:59:23 AM | Computer Name = E6410_IMAGE | Source = VSS | ID = 12294
Description =

Error - 10/15/2012 9:13:40 AM | Computer Name = E6410_IMAGE | Source = Application Error | ID = 1000
Description = Faulting application name: V CAST Backup Scheduler.exe, version: 0.0.0.0,
time stamp: 0x4ffaa356 Faulting module name: V CAST Backup Scheduler.exe, version:
0.0.0.0, time stamp: 0x4ffaa356 Exception code: 0xc0000005 Fault offset: 0x0012c86f
Faulting
process id: 0xf80 Faulting application start time: 0x01cdaad6d2ed02ca Faulting application
path: C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe Faulting
module path: C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
Report
Id: 22e89ea4-16ca-11e2-b6d2-90004eecfa78

Error - 10/15/2012 10:43:20 AM | Computer Name = E6410_IMAGE | Source = Application Error | ID = 1000
Description = Faulting application name: V CAST Backup Scheduler.exe, version: 0.0.0.0,
time stamp: 0x4ffaa356 Faulting module name: V CAST Backup Scheduler.exe, version:
0.0.0.0, time stamp: 0x4ffaa356 Exception code: 0xc0000005 Fault offset: 0x0012c86f
Faulting
process id: 0x1188 Faulting application start time: 0x01cdaae36716eb42 Faulting application
path: C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe Faulting
module path: C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
Report
Id: a9581337-16d6-11e2-b22b-90004eecfa78

[ System Events ]
Error - 10/15/2012 11:32:33 AM | Computer Name = E6410_IMAGE | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 10/15/2012 11:32:40 AM | Computer Name = E6410_IMAGE | Source = Service Control Manager | ID = 7000
Description = The rimspci service failed to start due to the following error: %%1058

Error - 10/15/2012 11:32:40 AM | Computer Name = E6410_IMAGE | Source = Service Control Manager | ID = 7000
Description = The rixdpcie service failed to start due to the following error: %%1058

Error - 10/15/2012 11:33:38 AM | Computer Name = E6410_IMAGE | Source = DCOM | ID = 10016
Description =

Error - 10/15/2012 11:35:46 AM | Computer Name = E6410_IMAGE | Source = Service Control Manager | ID = 7034
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/15/2012 11:44:17 AM | Computer Name = E6410_IMAGE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Security Update for Windows (KB2667402).

Error - 10/15/2012 11:46:36 AM | Computer Name = E6410_IMAGE | Source = Service Control Manager | ID = 7000
Description = The rimspci service failed to start due to the following error: %%1058

Error - 10/15/2012 11:46:36 AM | Computer Name = E6410_IMAGE | Source = Service Control Manager | ID = 7000
Description = The rixdpcie service failed to start due to the following error: %%1058

Error - 10/15/2012 11:47:48 AM | Computer Name = E6410_IMAGE | Source = DCOM | ID = 10016
Description =

Error - 10/15/2012 11:48:55 AM | Computer Name = E6410_IMAGE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Security Update for Windows (KB2667402).


< End of report >

Last edited by Jintan; October 20th, 2012 at 12:20 AM.
  #10  
Old October 19th, 2012, 08:50 PM
jessman1128 jessman1128 is offline
Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Michigan, USA
Posts: 53
Combofix:
ComboFix 12-10-19.01 - GR_Olson 10/19/2012 15:06:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4022.2656 [GMT -4:00]
Running from: c:\users\GR_Olson\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\TEMP\jna1731692247048668459.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
-------\Service_uvnc_service
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-18 02:46 . 2012-10-18 02:46 -------- d-----w- c:\program files (x86)\Trend Micro
2012-10-16 21:48 . 2010-05-26 15:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-10-16 21:47 . 2012-10-17 03:54 -------- d-----w- c:\users\GR_Olson\AppData\Local\Logos4
2012-10-16 20:12 . 2012-10-16 20:12 -------- d-----w- c:\program files\CCleaner
2012-10-16 18:18 . 2012-10-16 18:18 -------- d-----w- c:\windows\Sun
2012-10-16 18:03 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-16 18:03 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-16 15:54 . 2012-10-16 15:54 -------- d-----w- c:\users\GR_Olson\AppData\Roaming\SUPERAntiSpyware.com
2012-10-16 15:53 . 2012-10-16 15:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-16 03:11 . 2012-10-16 03:11 -------- d-----w- c:\program files\HitmanPro
2012-10-16 03:11 . 2012-10-16 03:12 -------- d-----w- c:\programdata\HitmanPro
2012-10-16 00:06 . 2012-10-16 00:06 -------- d-----w- c:\program files (x86)\Mp3 Cutter and Joiner
2012-10-15 15:52 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-10-15 15:52 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-10-15 15:52 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-10-15 15:22 . 2012-10-15 15:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-15 14:47 . 2012-10-15 14:47 -------- d-----w- c:\users\GR_Olson\AppData\Roaming\Malwarebytes
2012-10-15 14:46 . 2012-10-15 14:46 -------- d-----w- c:\programdata\Malwarebytes
2012-10-15 14:46 . 2012-10-15 23:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-15 13:41 . 2012-10-15 13:41 -------- d-----w- c:\users\GR_Olson\AppData\Roaming\LavasoftStatistics
2012-10-15 13:36 . 2012-10-15 13:36 -------- d-----w- c:\users\GR_Olson\AppData\Local\Downloaded Installations
2012-10-15 13:35 . 2012-10-15 13:35 -------- d-----w- c:\programdata\blekko toolbars
2012-10-15 13:35 . 2012-10-15 13:35 -------- d-----w- c:\program files (x86)\adawaretb
2012-10-15 13:35 . 2012-10-15 13:35 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-10-15 13:17 . 2012-10-16 18:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-15 13:17 . 2012-10-15 23:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-10 14:46 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 14:46 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 14:46 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 14:46 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 14:45 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 14:45 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 14:45 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 14:45 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 14:45 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 14:45 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 14:45 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 14:45 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 16:42 . 2012-10-09 16:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E7F3458-40D2-421B-B469-1615CC7A8B09}\offreg.dll
2012-10-07 18:01 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-10-05 02:28 . 2012-10-05 02:28 -------- d-----w- c:\users\GR_Olson\AppData\Roaming\Motorola
2012-10-05 02:28 . 2012-10-05 02:28 -------- d-----w- c:\program files\Motorola Inc
2012-09-26 02:27 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 20:36 . 2012-09-25 20:37 -------- d-----w- c:\users\GR_Olson\AppData\Roaming\Walgreens
2012-09-20 19:00 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 18:59 . 2012-09-20 19:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 18:59 . 2012-09-20 19:00 -------- d-----w- c:\program files\iTunes
2012-09-20 18:59 . 2012-09-20 19:00 -------- d-----w- c:\program files (x86)\iTunes
2012-09-20 18:59 . 2012-09-20 18:59 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 15:58 . 2012-04-24 15:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 15:58 . 2012-04-24 15:51 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-15 15:25 . 2011-05-04 17:38 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 16:53 . 2012-09-14 16:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 16:53 . 2012-09-14 16:56 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-14 16:53 . 2011-03-26 15:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-22 18:12 . 2012-09-12 17:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 17:07 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 17:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 17:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2012-07-21 19:43 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-07-21 19:43 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 14:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 17:07 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 17:07 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-31 15:31 . 2012-08-30 14:30 87152 ----a-w- c:\windows\system32\cpwmon64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-07-09 7057032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"NVC"="c:\program files (x86)\Nortel\Nortel VPN Client\Nvc.exe" [2011-01-12 1717576]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"DellBtrEvent"="d:\program files (x86)\Dell\Reader 2.1\DellBtrEvent.exe" [2010-05-04 147456]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2009-12-07 14848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
.
c:\users\GR_Olson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2011-5-9 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2012-8-16 217088]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1549680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2010-03-21 61952]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2010-03-21 55808]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 348712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-23 77104]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 21040]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 87600]
S1 DVMIO;DVMIO;d:\program files (x86)\Dell\Reader 2.1\dvmio_x64.sys [2010-05-04 20624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-05-26 89600]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2012-08-16 222720]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-10-28 1035680]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-10-28 36768]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files (x86)\Dell\Reader 2.1\DVMExportService.exe [2010-05-04 327680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files (x86)\IBM\Lotus\Notes\nsd.exe [2008-12-06 3315080]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-23 79504]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2011-01-12 623960]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2011-01-11 80448]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-21 81920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 26160]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-20 38440]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2011-01-11 44096]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009212948-3647497400-3120408578-1001Core.job
- c:\users\GR_Olson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 04:42]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009212948-3647497400-3120408578-1001UA.job
- c:\users\GR_Olson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24 04:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\GR_Olson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-26 487424]
"nwiz"="nwiz.exe" [2010-04-15 1712744]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-04-17 95336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 16414824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate06122012
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: emc.com\vdc
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\IBM\Lotus\Notes\ntmulti.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-10-19 15:20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-19 19:20
.
Pre-Run: 66,454,953,984 bytes free
Post-Run: 65,968,881,664 bytes free
.
- - End Of File - - F3C4033A821CBE4EAEC1F06609994EFC

Last edited by Jintan; October 20th, 2012 at 12:20 AM.
  #11  
Old October 20th, 2012, 12:31 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
The items ComboFix removed are not handily identifiable as malware. May be just odd named remnants. The logs show an anti-rootkit driver from Sunbelt loading, but not real sure if McAfee brought that. See if scans pick anything up.

FYI - using "enterprise" edition software, like the McAfee install you have, is not recommended. Sometimes needs the "admin" or a password to uninstall it, as it is intended for business/large organization networked use. Kinda think McAfee is what shows these warnings there. Maybe.


Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log please.
  #12  
Old October 22nd, 2012, 07:34 PM
jessman1128 jessman1128 is offline
Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Michigan, USA
Posts: 53
ESET log:

C:\Users\GR_Olson\Downloads\Adaware_Installer.exe Win32/OpenCandy application deleted - quarantined
  #13  
Old October 23rd, 2012, 01:19 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
Little suggesting anything.

Please locate the following highlighted file(s), zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -jessman1128/cth/files" as the email Subject.

C:\qoobox\Quarantine\C <-- That C folder.
  #14  
Old October 23rd, 2012, 02:35 AM
jessman1128 jessman1128 is offline
Member
 
Join Date: Jan 2010
O/S: Windows XP Pro
Location: Michigan, USA
Posts: 53
Quote:
Originally Posted by Jintan View Post
Please locate the following highlighted file(s), zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -jessman1128/cth/files" as the email Subject.

C:\qoobox\Quarantine\C <-- That C folder.
Done.
  #15  
Old October 24th, 2012, 12:35 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,513
I received the file, thanks. All apparently legit, and just cases of mistaken identity. Can you take a screenshot of whatever is showing this malware alert, and email it to me?

Just send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -jessman1128/cth/screen" as the email Subject.