Had/Have Trojan:Win64/Sirefef Infection, cannot turn on Windows Firewall


  • This topic is locked
13 replies to this topic

#1 siskiyou

siskiyou

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male

Posted 07 September 2012 - 12:26 AM

I have been following the instructions on the Tutorials "How to remove a trojan virus..." but am still finding troubles with the Firewall. In the meantime I downloaded and installed ZoneAlarm as a firewall. I use Windows Security Essentials, and that had been shut down too. I uninstalled that, and reinstalled a new copy, but it won't ever allow the downloads of the recent definitions. I managed to update the definitions today and it found Trojan:Win64/Sirefef.AC and removed it.

Any help would be greatly appreciated. Thank You.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by beanefamily at 22:06:21 on 2012-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2000 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFRA.EXE
C:\Users\beanefamily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\beanefamily\Downloads\virus tools\MiniToolBox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\beanefamily\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.teatreewonders.com/
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [IBP]
uRun: [Google Update] "C:\Users\beanefamily\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [9CA80AC142B2FBF0828A9ED353D1774EE78E25A6._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SDED9.tmp" /EF "HKCU"
uRun: [Spotify Web Helper] "C:\Users\beanefamily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [ClamWin] "J:\ClamWin\bin\ClamTray.exe" --logon
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sendmng] "C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe"
mRunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe"
mRunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe"
mRunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe"
mRunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe"
mRunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe"
mRunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe"
StartupFolder: C:\Users\BEANEF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: download.com
Trusted Zone: google.com\mail
Trusted Zone: sitesell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40620.4798842593
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5EC1E2D7-7761-4688-8396-B5C25A332D94} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: OToolbarHelper Class: {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll
TB-X64: PayPal Plug-In: {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll
TB-X64: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [ClamWin] "J:\ClamWin\bin\ClamTray.exe" --logon
mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sendmng] "C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe"
mRunOnce-x64: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2146233&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.teatreewonders.com
FF - prefs.js: network.proxy.http - www.example.com
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\OpenOffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\beanefamily\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\beanefamily\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}\plugins\np-mswmp.dll
FF - plugin: C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-9-2 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-9-2 55296]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-7-14 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-7-14 827560]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-7-19 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-7-19 528760]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-18 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-11 79360]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-18 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-07 04:43:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2270766B-342B-4171-B64B-DA971720D74F}\offreg.dll
2012-09-07 01:51:39 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2270766B-342B-4171-B64B-DA971720D74F}\mpengine.dll
2012-09-06 19:14:08 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-06 19:08:43 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-06 18:57:20 -------- d-----w- C:\Users\beanefamily\AppData\Roaming\SUPERAntiSpyware.com
2012-09-06 18:57:09 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-06 18:57:09 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-06 18:39:31 -------- d-----w- C:\Users\beanefamily\AppData\Roaming\Malwarebytes
2012-09-06 18:39:01 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-06 18:39:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-06 18:39:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 22:00:57 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-31 19:41:52 -------- d-----w- C:\Users\beanefamily\AppData\Local\{01800BBC-B4E8-41D8-B8E8-D3CA78A43282}
2012-08-31 19:41:34 -------- d-----w- C:\Users\beanefamily\AppData\Local\{80B0BAC3-1576-4139-B8A4-7D28603A9A56}
2012-08-29 15:32:02 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-16 00:38:07 -------- d-----w- C:\Users\beanefamily\AppData\Roaming\CheckPoint
2012-08-16 00:37:45 -------- d-----w- C:\Program Files\CheckPoint
2012-08-16 00:33:03 -------- d-----w- C:\Program Files (x86)\CheckPoint
2012-08-16 00:33:02 -------- d-----w- C:\ProgramData\CheckPoint
2012-08-15 05:42:00 328704 ----a-w- C:\Windows\System32\services.exe.8CAB35FB46DFE563
2012-08-15 05:33:10 328704 ----a-w- C:\Windows\System32\services.exe.82D69D6FFE358E01
2012-08-15 05:24:36 328704 ----a-w- C:\Windows\System32\services.exe.E9C414C00376AD2B
2012-08-15 05:18:47 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9FA4F9D-869C-4566-A8F6-2987C896966A}\gapaengine.dll
2012-08-15 05:10:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-15 05:10:48 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-14 16:24:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-09 19:20:47 -------- d-----w- C:\Users\beanefamily\AppData\Local\{7940ACF7-E92E-4DA7-9B2F-F693397B8BD3}
2012-08-09 19:20:37 -------- d-----w- C:\Users\beanefamily\AppData\Local\{332154FA-9DDB-4FB7-82BC-ABF5EB385FC7}
2012-08-09 19:03:12 -------- d-----w- C:\Users\beanefamily\AppData\Local\{1B70DCEB-1F52-4729-BA84-D5D1B90FEAEB}
2012-08-09 19:02:53 -------- d-----w- C:\Users\beanefamily\AppData\Local\{249DB250-C0E9-44F0-870B-CD2F84816D02}
2012-08-08 16:41:49 -------- d-----w- C:\Program Files (x86)\Common Files\EzTools
.
==================== Find3M ====================
.
2012-09-01 22:00:41 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-30 15:57:38 60864 ----a-w- C:\Users\beanefamily\g2mdlhlpx.exe
2012-08-21 16:48:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 16:48:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:47:06 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-25 23:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-02-22 23:27:34 14646304 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 22:07:18.77 ===============

#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 09 September 2012 - 12:52 PM

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs (FRST.txt and Search.txt) in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 siskiyou

  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 10 September 2012 - 01:31 PM

Thank You CatByte,

I am so grateful for your help.

Here is the FRST.txt file
--------------------------


Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 10-09-2012 11:08:44
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1127592 2012-07-14] (Check Point Software Technologies)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2171904 2009-06-05] (VIA)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [ClamWin] "J:\ClamWin\bin\ClamTray.exe" --logon [x]
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-01-25] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-29] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sendmng] "C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe" [520192 2008-03-31] (Sagem-Interstar Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73392 2012-08-03] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\beanefamily\...\Run: [IBP] [x]
HKU\beanefamily\...\Run: [Google Update] "C:\Users\beanefamily\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-08-25] (Google Inc.)
HKU\beanefamily\...\Run: [9CA80AC142B2FBF0828A9ED353D1774EE78E25A6._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [1229848 2012-08-29] (Google Inc.)
HKU\beanefamily\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\beanefamily\...\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SDED9.tmp" /EF "HKCU" [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\beanefamily\...\Run: [Spotify Web Helper] "C:\Users\beanefamily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-29] ()
HKU\beanefamily\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5659520 2012-09-04] (SUPERAntiSpyware.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe" [28255216 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe" [31901312 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe"] "C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe" [28453448 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe" [23176088 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe" [28255216 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe" [31901312 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
HKLM-x32\...\RunOnce: ["C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe"] "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe" [28453448 2009-09-01] (Indigo Rose Corporation http://www.indigorose.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\beanefamily\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
ShortcutTarget: Epson all-in-one Registration.lnk -> (No File)

==================== Services ====================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [569752 2010-07-28] (Affinegy, Inc.)
2 Belkin Local Backup Service; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service [181760 2010-02-17] ()
2 Belkin Network USB Helper; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service [55296 2010-02-09] ()
3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827560 2012-07-14] (Check Point Software Technologies)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2445880 2012-08-03] (Check Point Software Technologies LTD)

==================== Drivers =================================

1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-07-14] (Check Point Software Technologies)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] ()
3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] ()
3 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291352 2010-03-10] (silex technology, Inc.)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-10 11:08 - 2012-09-10 11:08 - 00000000 ____D C:\FRST
2012-09-08 15:49 - 2012-09-08 15:49 - 00017064 ____A C:\Users\beanefamily\Desktop\teatreesale.jpeg
2012-09-07 12:44 - 2012-09-07 12:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-06 21:09 - 2012-09-06 21:09 - 00055633 ____A C:\Users\beanefamily\Desktop\Attach.txt
2012-09-06 21:08 - 2012-09-06 21:09 - 00031853 ____A C:\Users\beanefamily\Desktop\DDS.txt
2012-09-06 21:04 - 2012-09-06 21:04 - 00607260 ____R (Swearware) C:\Users\beanefamily\Desktop\dds.com
2012-09-06 21:02 - 2012-09-06 21:02 - 00000000 ____A C:\Users\beanefamily\defogger_reenable
2012-09-06 19:02 - 2012-09-06 19:02 - 00006355 ____A C:\Users\beanefamily\Desktop\virus help.txt
2012-09-06 17:48 - 2012-09-06 17:51 - 65137712 ____A (Microsoft Corporation) C:\Users\beanefamily\Downloads\mpam-fe.exe
2012-09-06 11:14 - 2012-09-06 11:14 - 00000000 ____D C:\Program Files (x86)\ESET
2012-09-06 11:13 - 2012-09-06 11:13 - 02322184 ____A (ESET) C:\Users\beanefamily\Downloads\esetsmartinstaller_enu.exe
2012-09-06 10:57 - 2012-09-06 10:57 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-06 10:57 - 2012-09-06 10:57 - 00000000 ____D C:\Users\beanefamily\AppData\Roaming\SUPERAntiSpyware.com
2012-09-06 10:57 - 2012-09-06 10:57 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-06 10:57 - 2012-09-06 10:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-06 10:39 - 2012-09-06 10:39 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-06 10:39 - 2012-09-06 10:39 - 00000000 ____D C:\Users\beanefamily\AppData\Roaming\Malwarebytes
2012-09-06 10:39 - 2012-09-06 10:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-06 10:39 - 2012-09-06 10:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-06 10:39 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 10:31 - 2012-09-06 10:31 - 00000000 ____D C:\Users\beanefamily\Desktop\rkill
2012-09-06 10:29 - 2012-09-06 10:32 - 00004638 ____A C:\Users\beanefamily\Desktop\Rkill.txt
2012-09-06 10:26 - 2012-09-06 21:05 - 00000000 ____D C:\Users\beanefamily\Downloads\virus tools
2012-09-05 11:46 - 2012-09-05 11:46 - 00001965 ____A C:\Users\beanefamily\Desktop\ebook ppt template.pptx - Shortcut.lnk
2012-09-01 14:00 - 2012-09-01 14:00 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-09-01 14:00 - 2012-09-01 14:00 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-09-01 14:00 - 2012-09-01 14:00 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-09-01 14:00 - 2012-09-01 14:00 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-08-31 11:41 - 2012-08-31 11:42 - 00000000 ____D C:\Users\beanefamily\AppData\Local\{01800BBC-B4E8-41D8-B8E8-D3CA78A43282}
2012-08-31 11:41 - 2012-08-31 11:41 - 00000000 ____D C:\Users\beanefamily\AppData\Local\{80B0BAC3-1576-4139-B8A4-7D28603A9A56}
2012-08-23 17:49 - 2012-08-23 17:49 - 00024916 ____A C:\Users\beanefamily\Desktop\Top 200 Pages.ods
2012-08-22 16:11 - 2012-08-30 07:10 - 00000000 ____D C:\Users\beanefamily\Desktop\toxic_files
2012-08-22 16:11 - 2012-08-22 16:11 - 00031001 ____A C:\Users\beanefamily\Desktop\toxic.html
2012-08-21 08:29 - 2012-09-10 09:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-15 16:38 - 2012-08-15 16:39 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-08-15 16:38 - 2012-08-15 16:38 - 00000000 ____D C:\Users\beanefamily\Documents\ForceField Shared Files
2012-08-15 16:38 - 2012-08-15 16:38 - 00000000 ____D C:\Users\beanefamily\AppData\Roaming\CheckPoint
2012-08-15 16:37 - 2012-08-15 16:37 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-08-15 16:37 - 2012-08-15 16:37 - 00000000 ____D C:\Program Files\CheckPoint
2012-08-15 16:33 - 2012-08-15 16:37 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2012-08-15 16:33 - 2012-08-15 16:33 - 00000000 ____D C:\Users\All Users\CheckPoint
2012-08-15 02:41 - 2012-08-15 02:41 - 00347424 ____A (Microsoft Corporation) C:\Users\beanefamily\Downloads\MicrosoftFixit.WindowsFirewall.RNP.107268455453418536.10.1.Run.exe
2012-08-14 22:21 - 2012-08-14 22:21 - 00000395 ____A C:\Users\beanefamily\Desktop\Repair.bat
2012-08-14 21:42 - 2012-08-14 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CAB35FB46DFE563
2012-08-14 21:33 - 2012-08-14 21:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82D69D6FFE358E01
2012-08-14 21:24 - 2012-08-14 21:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9C414C00376AD2B
2012-08-14 21:10 - 2012-08-30 07:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-14 21:10 - 2012-08-30 07:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-14 08:24 - 2012-08-30 07:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

==================== 3 Months Modified Files ================================

2012-09-10 10:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-10 10:01 - 2009-07-13 20:51 - 16215905 ____A C:\Windows\setupact.log
2012-09-10 09:56 - 2009-07-13 21:13 - 00740032 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-10 09:47 - 2012-08-21 08:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-10 09:45 - 2010-08-25 11:34 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984643604-3447289191-3548787238-1000UA.job
2012-09-10 09:06 - 2010-01-18 07:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-10 07:43 - 2010-01-11 16:39 - 01525458 ____A C:\Windows\WindowsUpdate.log
2012-09-10 07:41 - 2010-01-18 07:50 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-09 16:23 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-09 16:23 - 2009-07-13 20:45 - 00014832 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-09 12:45 - 2010-08-25 11:34 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984643604-3447289191-3548787238-1000Core.job
2012-09-08 15:49 - 2012-09-08 15:49 - 00017064 ____A C:\Users\beanefamily\Desktop\teatreesale.jpeg
2012-09-08 15:49 - 2007-10-18 20:59 - 01227776 _ASHC C:\Users\beanefamily\Desktop\Thumbs.db
2012-09-06 21:09 - 2012-09-06 21:09 - 00055633 ____A C:\Users\beanefamily\Desktop\Attach.txt
2012-09-06 21:09 - 2012-09-06 21:08 - 00031853 ____A C:\Users\beanefamily\Desktop\DDS.txt
2012-09-06 21:04 - 2012-09-06 21:04 - 00607260 ____R (Swearware) C:\Users\beanefamily\Desktop\dds.com
2012-09-06 21:02 - 2012-09-06 21:02 - 00000000 ____A C:\Users\beanefamily\defogger_reenable
2012-09-06 19:02 - 2012-09-06 19:02 - 00006355 ____A C:\Users\beanefamily\Desktop\virus help.txt
2012-09-06 17:51 - 2012-09-06 17:48 - 65137712 ____A (Microsoft Corporation) C:\Users\beanefamily\Downloads\mpam-fe.exe
2012-09-06 11:13 - 2012-09-06 11:13 - 02322184 ____A (ESET) C:\Users\beanefamily\Downloads\esetsmartinstaller_enu.exe
2012-09-06 10:57 - 2012-09-06 10:57 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-06 10:39 - 2012-09-06 10:39 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-06 10:32 - 2012-09-06 10:29 - 00004638 ____A C:\Users\beanefamily\Desktop\Rkill.txt
2012-09-05 11:46 - 2012-09-05 11:46 - 00001965 ____A C:\Users\beanefamily\Desktop\ebook ppt template.pptx - Shortcut.lnk
2012-09-03 08:37 - 2010-01-18 07:51 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-01 14:00 - 2012-09-01 14:00 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-09-01 14:00 - 2012-09-01 14:00 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-09-01 14:00 - 2012-09-01 14:00 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-09-01 14:00 - 2012-09-01 14:00 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-09-01 14:00 - 2010-04-17 05:47 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-08-30 07:57 - 2011-10-13 09:02 - 00060864 ____A C:\Users\beanefamily\g2mdlhlpx.exe
2012-08-23 17:49 - 2012-08-23 17:49 - 00024916 ____A C:\Users\beanefamily\Desktop\Top 200 Pages.ods
2012-08-22 16:11 - 2012-08-22 16:11 - 00031001 ____A C:\Users\beanefamily\Desktop\toxic.html
2012-08-21 19:13 - 2009-12-15 11:10 - 00085076 ____A C:\Windows\PFRO.log
2012-08-21 08:48 - 2012-04-01 16:58 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-21 08:48 - 2011-05-19 15:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-15 16:39 - 2012-08-15 16:38 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-08-15 16:37 - 2012-08-15 16:37 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-08-15 02:41 - 2012-08-15 02:41 - 00347424 ____A (Microsoft Corporation) C:\Users\beanefamily\Downloads\MicrosoftFixit.WindowsFirewall.RNP.107268455453418536.10.1.Run.exe
2012-08-14 22:21 - 2012-08-14 22:21 - 00000395 ____A C:\Users\beanefamily\Desktop\Repair.bat
2012-08-14 21:47 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-14 21:42 - 2012-08-14 21:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8CAB35FB46DFE563
2012-08-14 21:33 - 2012-08-14 21:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82D69D6FFE358E01
2012-08-14 21:24 - 2012-08-14 21:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E9C414C00376AD2B
2012-08-14 21:12 - 2011-03-18 10:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-14 21:10 - 2010-08-02 22:21 - 00753626 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-08 08:43 - 2012-08-08 08:41 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
2012-08-03 03:46 - 2011-03-18 10:29 - 59884088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-08-03 03:27 - 2010-01-21 08:21 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-13 21:14 - 2012-07-13 21:11 - 01424906 ____A C:\Users\beanefamily\Desktop\sunshine2Dollars.bmp
2012-07-12 02:11 - 2009-07-13 20:45 - 00543528 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 02:06 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-12 02:05 - 2012-07-12 02:05 - 00264856 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 16:03 - 2012-07-11 16:00 - 68300800 ____A C:\Users\beanefamily\Downloads\Seagate Replica Recovery 5245.iso
2012-07-11 15:49 - 2012-07-11 15:46 - 82778089 ____A C:\Users\beanefamily\Downloads\Replica_Installation.zip
2012-07-03 12:46 - 2012-09-06 10:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 15:04 - 2012-06-25 15:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-21 14:35 - 2010-11-17 11:01 - 00562870 ____A C:\Users\beanefamily\Documents\ViewerX.alb

ZeroAccess:
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L\00000004.@
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L\201d3dde

ZeroAccess:
C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}
C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@
C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L
C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-29 19:47:37
Restore point made on: 2012-08-30 07:02:55
Restore point made on: 2012-09-01 13:59:13
Restore point made on: 2012-09-08 20:00:25

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4095.18 MB
Available physical RAM: 3458.25 MB
Total Pagefile: 4093.32 MB
Available Pagefile: 3457.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:498.97 GB) NTFS
8 Drive k: (KIMS BACKUP) (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 698 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K KIMS BACKUP FAT32 Removable 7633 MB Healthy

==================================================================================

Last Boot: 2012-09-06 16:33

==================== End Of Log =============================


And here is the search.txt file

---------------
Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-10 11:10:41
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-14 21:47] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
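
The search above compares the in-use services.exe against the copy held in the WinSxS component store, which serves as the untouched reference (the 64-bit ZeroAccess/Sirefef variant is known to patch services.exe in place). Both hashes here are 24ACB7E5BE595468E3B9AA488B9B4FCB, so the System32 copy is intact even though its modified date changed on 14 August. As an added example, not part of the thread and not FRST's own code, the script below parses search.txt in the layout posted above and makes that comparison; the all-zero MD5 it uses is a constructed placeholder to show what a mismatch would report.

```python
"""Check the in-use copy of a Windows system file against its WinSxS
component-store copy using the MD5s that an FRST search.txt reports.

Added example; it is not part of the thread and not FRST's own code. It
reads the same two-line-per-hit layout the search.txt above uses:
  <path>
  [created] - [modified] - size attrs (company) MD5
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample modelled on the search.txt posted in this thread.
SAMPLE_SEARCH_TXT = """\
Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-10 11:10:41
Running from K:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2012-08-14 21:47] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""

# Placeholder hash (not taken from the page) used only to build a sample in
# which the System32 copy no longer matches the component store.
PLACEHOLDER_BAD_MD5 = "00000000000000000000000000000000"

DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> List[Entry]:
    """Pair each detail line with the path line directly above it."""
    lines = text.splitlines()
    entries: List[Entry] = []
    for i in range(1, len(lines)):
        m = DETAIL_RE.match(lines[i].strip())
        path = lines[i - 1].strip()
        if m and path and not path.startswith(("=", "[")):
            entries.append(Entry(path, m["created"], m["modified"],
                                 int(m["size"]), m["company"] or "",
                                 m["md5"].upper()))
    return entries


def assess(entries: List[Entry]) -> Dict[str, str]:
    """Verdict for every copy outside WinSxS, keyed by path."""
    reference = {e.md5 for e in entries if e.in_winsxs}
    ref_sizes = {e.size for e in entries if e.in_winsxs}
    verdicts: Dict[str, str] = {}
    for e in entries:
        if e.in_winsxs:
            continue
        if not reference:
            verdicts[e.path] = "UNKNOWN: no WinSxS copy in the search output"
        elif e.md5 in reference:
            verdicts[e.path] = "OK: MD5 matches the WinSxS copy"
        else:
            # A same-size file with different content is the classic in-place patch.
            why = "same size, different content" if e.size in ref_sizes else "size and content differ"
            verdicts[e.path] = f"SUSPECT: MD5 differs from the WinSxS copy ({why})"
    return verdicts


def patched_sample() -> str:
    """Same sample, but with the System32 copy's MD5 swapped for the placeholder."""
    marker = "24ACB7E5BE595468E3B9AA488B9B4FCB\n\n====== End Of Search"
    return SAMPLE_SEARCH_TXT.replace(marker, PLACEHOLDER_BAD_MD5 + "\n\n====== End Of Search")


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_SEARCH_TXT), ("patched sample", patched_sample())):
        print(label)
        for path, verdict in assess(parse_search(text)).items():
            print(f"  {path}: {verdict}")
```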

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 10 September 2012 - 02:05 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}
C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

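
The two paths in the fixlist above are the directories FRST labelled ZeroAccess in the earlier log: a braced GUID folder under Windows\Installer and under the user's AppData\Local, each holding an entry named "@" plus "L" and "U" subfolders. As an added example, not FRST's own detection and not part of the thread, the script below applies that layout check to a constructed path listing (the logged paths plus one GUID folder with a constructed benign child) and writes the hits into a fixlist in the start/end format used above.

```python
"""Flag directory trees that match the ZeroAccess layout FRST reported in
the log above, and write them into an FRST fixlist.

Added example; this is not FRST's own detection and the thread does not
include it. The signature is taken from the paths in the log: a braced GUID
directory under Windows\\Installer or a user's AppData\\Local holding an entry
named "@" together with "L" and "U" subfolders.
"""
import re
from typing import Dict, List, Set

# Constructed listing: the ZeroAccess paths FRST printed above, plus a
# GUID-named folder from the same log with a constructed benign child.
SAMPLE_PATHS = [
    r"C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}",
    r"C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@",
    r"C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L",
    r"C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U",
    r"C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L\00000004.@",
    r"C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L\201d3dde",
    r"C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}",
    r"C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@",
    r"C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\L",
    r"C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873}\U",
    r"C:\Users\beanefamily\AppData\Local\{01800BBC-B4E8-41D8-B8E8-D3CA78A43282}",
    # constructed benign child; the folder itself appears in the DDS log above
    r"C:\Users\beanefamily\AppData\Local\{01800BBC-B4E8-41D8-B8E8-D3CA78A43282}\setup.log",
]

# A braced GUID directory sitting directly under Windows\Installer or AppData\Local.
GUID_DIR_RE = re.compile(
    r"^.*\\(?:Windows\\Installer|AppData\\Local)\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)
REQUIRED_CHILDREN = {"@", "L", "U"}


def immediate_children(paths: List[str]) -> Dict[str, Set[str]]:
    """Map every GUID-named candidate directory to the names directly inside it."""
    candidates = [p for p in paths if GUID_DIR_RE.match(p)]
    children: Dict[str, Set[str]] = {c: set() for c in candidates}
    for c in candidates:
        prefix = c.lower() + "\\"
        for p in paths:
            if p.lower().startswith(prefix):
                # keep the original case of the child name; only the prefix match is case-folded
                children[c].add(p[len(prefix):].split("\\")[0])
    return children


def find_zeroaccess_dirs(paths: List[str]) -> List[str]:
    """Return the candidate directories whose contents match the @ / L / U layout."""
    return sorted(d for d, names in immediate_children(paths).items()
                  if REQUIRED_CHILDREN <= names)


def make_fixlist(dirs: List[str]) -> str:
    """FRST fixlist.txt: bare paths between 'start' and 'end' lines."""
    return "\n".join(["start", *dirs, "end"]) + "\n"


if __name__ == "__main__":
    print(make_fixlist(find_zeroaccess_dirs(SAMPLE_PATHS)), end="")
```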


#5 siskiyou

  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 10 September 2012 - 03:04 PM

Thank you again, here are the results

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-10 12:52:59 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{873d31d4-2ee6-c27e-84f8-a417eec45873} moved successfully.
C:\Users\beanefamily\AppData\Local\{873d31d4-2ee6-c27e-84f8-a417eec45873} moved successfully.

==== End of Fixlog ====

UPDATE:=======

I ran ComboFix, but it has stalled out and is on the screen that says "Preparing Log Report". It has been stuck there for nearly 30 minutes. What next?

Edited by siskiyou, 10 September 2012 - 04:28 PM.


#6 siskiyou

siskiyou
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:22 AM

Posted 10 September 2012 - 04:44 PM

Help, ComboFix has stalled at the "Preparing Log Report" screen. It has now been stalled for about 45 minutes.

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 10 September 2012 - 05:17 PM

Open Task Manager (Ctrl + Alt + Del) and end the process on pev.exe, sed.exe or cfxxx.3xe if you see them.


Then run the following tools instead:


  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.


NEXT


Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 siskiyou

siskiyou
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:22 AM

Posted 10 September 2012 - 05:38 PM

Anything I click on gives me a warning: "Illegal operation attempted on a registry key that has been marked for deletion".

This includes internet connections, so I downloaded the file on another computer to a USB drive and transferred it to my computer, but I got the same warning.

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 10 September 2012 - 06:17 PM

Reboot and that error message will go away.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 siskiyou

siskiyou
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:22 AM

Posted 13 September 2012 - 11:36 AM

Sorry it's been a few days; I've been really busy. During its scan yesterday, Microsoft Security Essentials found this item, which I quarantined but have not yet removed. I have run RogueKiller, and here are the files, following the info from MSE.

Trojan:Win32/Sirefef!cfg

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\FRST\Quarantine\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@
file:C:\FRST\Quarantine\{873d31d4-2ee6-c27e-84f8-a417eec45873}\{873d31d4-2ee6-c27e-84f8-a417eec45873}\@


-------------------------

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : beanefamily [Admin rights]
Mode : Scan -- Date : 09/13/2012 09:23:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe") -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe") -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe") -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe") -> FOUND
[TASK][SUSP PATH] {5E750F87-7EB6-4588-9F2A-8B8BC22E122E} : C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe -> FOUND
[TASK][SUSP PATH] {9A288188-50D1-41D2-92E2-B0041B910BC1} : C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\TEATRE~1.SCR) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500AADS-00M2B0 ATA Device +++++
--- User ---
[MBR] 1aeda737b014c73082f52e0f4daaacb4
[BSP] 3851ca12253cef065ff74df01bf9968e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715301 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


-----------------------------

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : beanefamily [Admin rights]
Mode : Remove -- Date : 09/13/2012 09:24:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe") -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe") -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_4.exe") -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : "C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe" ("C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_5.exe") -> DELETED
[TASK][SUSP PATH] {5E750F87-7EB6-4588-9F2A-8B8BC22E122E} : C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_1.exe -> DELETED
[TASK][SUSP PATH] {9A288188-50D1-41D2-92E2-B0041B910BC1} : C:\Users\beanefamily\Desktop\Piano Lessons\pattern_piano_and_keyboard_installer_3.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\TEATRE~1.SCR) -> REPLACED (C:\Windows\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500AADS-00M2B0 ATA Device +++++
--- User ---
[MBR] 1aeda737b014c73082f52e0f4daaacb4
[BSP] 3851ca12253cef065ff74df01bf9968e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715301 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


----------------------------------

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : beanefamily [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/13/2012 09:27:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 33 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 576 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 193 / Fail 0
My documents: Success 13 / Fail 13
My favorites: Success 0 / Fail 0
My pictures: Success 2 / Fail 0
My music: Success 62 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 100 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[K:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


-------------
OTL FILES
-------------

OTL logfile created on: 9/13/2012 9:38:35 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\beanefamily\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.05% Memory free
8.00 Gb Paging File | 6.04 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 510.45 Gb Free Space | 73.07% Space Free | Partition Type: NTFS

Computer Name: BEANEFAMILY-PC | User Name: beanefamily | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/13 09:29:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\beanefamily\Desktop\OTL.exe
PRC - [2012/08/29 19:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/08/29 12:53:06 | 001,193,176 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/04 13:07:07 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/29 07:56:56 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/28 17:34:38 | 001,508,248 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/30 16:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/03/31 05:52:20 | 000,520,192 | ---- | M] (Sagem-Interstar Inc.) -- C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 12:53:06 | 001,193,176 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/09/29 07:56:56 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/07/28 17:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 17:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 18:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 18:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 18:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 18:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 17:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/08/26 06:29:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2008/12/22 10:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/14 07:01:26 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2012/07/11 11:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/17 18:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2012/09/07 13:44:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 09:48:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/03 12:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/11 18:08:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/12/16 20:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/10 20:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/14 07:01:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/05/22 14:26:10 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/10 14:56:21 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/11/13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/30 07:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 01:55:20 | 001,207,808 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 18:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.teatreewonders.com/
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_en
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\SearchScopes\{73FD7272-9149-4236-9DFC-EE41354D4436}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "SquidUtils Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2146233&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.teatreewonders.com "
FF - prefs.js..extensions.enabledAddons: fireform@mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: kwtr-for-firefox@klout.com:1.6
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: rankchecker@seobook.com:1.8.20
FF - prefs.js..extensions.enabledAddons: seo4firefox@seobook.com:3.6.5
FF - prefs.js..extensions.enabledAddons: seotoolbar@seobook.com:1.1.36
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: tabletools2@mingyi.org:1.17
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: toolbar@alexa.com:2.15
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8.1
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.14
FF - prefs.js..extensions.enabledAddons: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledAddons: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}:3.15.1.0
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:2.11
FF - prefs.js..extensions.enabledItems: {b92d6e49-3672-4c79-80b1-b0b4465e2025}:1.1.51
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: seo-blogger@wordtracker.com:1.0.4
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fireform@mozilla.org:0.7.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..network.proxy.autoconfig_url: "http://63.174.40.140/"
FF - prefs.js..network.proxy.http: "www.example.com"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files (x86)\OpenOffice.org 3\program [2011/10/20 17:54:29 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\beanefamily\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\beanefamily\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\beanefamily\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/08/15 17:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files (x86)\PayPal\PayPal Plug-In [2010/01/20 09:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/30 08:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/30 08:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/08/30 08:10:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 13:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 13:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/04 13:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\beanefamily\AppData\Roaming\Move Networks [2010/01/27 08:33:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 13:44:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 13:44:15 | 000,000,000 | ---D | M]

[2010/09/27 16:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Extensions
[2010/09/27 16:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/06 18:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions
[2010/04/28 20:34:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/30 08:10:11 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/01/17 19:27:43 | 000,000,000 | ---D | M] ("del.icio.us") -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2012/07/31 22:37:23 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/01/17 19:27:43 | 000,000,000 | ---D | M] ("Compete Browser Extension") -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{b92d6e49-3672-4c79-80b1-b0b4465e2025}
[2011/01/26 18:14:19 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2012/09/06 18:32:39 | 000,000,000 | ---D | M] (Twittin Secrets Twitter Tips Community Toolbar) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}
[2012/08/30 08:10:10 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/03/29 09:06:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\engine@conduit.com
[2010/09/09 14:01:25 | 000,000,000 | ---D | M] (fireform) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\fireform@mozilla.org
[2011/03/21 08:14:20 | 000,000,000 | ---D | M] (Personas) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\personas@christopher.beard
[2010/03/19 17:03:19 | 000,000,000 | ---D | M] (SEO Blogger) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\seo-blogger@wordtracker.com
[2010/01/17 19:27:21 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2012/06/20 11:59:56 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\support@lastpass.com
[2012/05/10 11:32:42 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\tabletools2@mingyi.org
[2011/02/17 08:33:19 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\tineye@ideeinc.com
[2012/09/01 14:53:36 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\firebug@software.joehewitt.com.xpi
[2012/05/18 20:41:42 | 000,083,321 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\kwtr-for-firefox@klout.com.xpi
[2012/04/28 19:21:29 | 000,158,974 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\rankchecker@seobook.com.xpi
[2012/08/09 08:47:11 | 000,087,184 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\seo4firefox@seobook.com.xpi
[2012/07/31 22:37:23 | 000,221,589 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\seotoolbar@seobook.com.xpi
[2012/04/20 13:21:05 | 000,344,888 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\toolbar@alexa.com.xpi
[2012/07/31 22:37:23 | 000,375,811 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/09/05 14:11:39 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/05/30 12:00:47 | 000,068,479 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2012/09/02 14:45:49 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/09/09 12:31:48 | 000,001,243 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\a9.xml
[2009/01/23 23:53:12 | 000,000,882 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\conduit.xml
[2012/04/13 08:15:19 | 000,000,836 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\live-search.xml
[2012/09/10 21:00:32 | 000,012,804 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\majestic-seo.xml
[2012/09/09 12:31:48 | 000,001,540 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\swagbuckscom.xml
[2012/04/20 13:21:45 | 000,001,540 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\web-search-powered-by-google.xml
[2008/06/23 15:10:34 | 000,000,681 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\webster.xml
[2008/04/28 15:33:37 | 000,005,595 | ---- | M] () -- C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\wordtracker.xml
[2012/09/07 13:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 13:44:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/07 13:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 13:44:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/04 13:07:23 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 08:31:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 08:31:47 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://sitezmeter.appspot.com/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\beanefamily\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\beanefamily\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: SEOquake = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.7_0\
CHR - Extension: Angry Birds = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Web Developer = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: mflow = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbdhghmpdfnpbikmfalkpkpokbaekgp\1.0.0.3_0\
CHR - Extension: Audiotool = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: Pixlr Grabber - Screen capture/image grabbing = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn\1.0_0\
CHR - Extension: Flag for Chrome = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.4.1_0\
CHR - Extension: Google Webspam Report (by Google) = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj\2.5.1_0\
CHR - Extension: Silver Bird = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.12_0\
CHR - Extension: LastPass = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.11_0\
CHR - Extension: kuber = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgojllinjdfbjknbpfcladgieljgoab\1.4.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: InvisibleHand = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.16_0\
CHR - Extension: Skype Click to Call = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Poppit = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Aviary = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncgcgghbabbopfcpgcjpfffdgnbadegf\0.59.0_0\
CHR - Extension: Shuffler.fm = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgfhnajhpjmlbfpieplfnocnodbkcfh\0.0.0.2_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Google Global = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\1.0_0\
CHR - Extension: Palette for Chrome = C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\1.5.2_0\

O1 HOSTS File: ([2012/09/10 13:53:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ClamWin] "J:\ClamWin\bin\ClamTray.exe" --logon File not found
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [sendmng] C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe (Sagem-Interstar Inc.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000..\Run: [9CA80AC142B2FBF0828A9ED353D1774EE78E25A6._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000..\Run: [IBP] File not found
O4 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000..\Run: [Spotify Web Helper] C:\Users\beanefamily\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe"] C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_3.exe (Indigo Rose Corporation http://www.indigorose.com)
O4 - HKLM..\RunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe"] C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_4.exe (Indigo Rose Corporation http://www.indigorose.com)
O4 - HKLM..\RunOnce: ["C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe"] C:\Users\beanefamily\Documents\My Received Files\Piano Lessons\repaired files\pattern_piano_and_keyboard_installer_5.exe (Indigo Rose Corporation http://www.indigorose.com)
O4 - Startup: C:\Users\beanefamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..Trusted Domains: download.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-1984643604-3447289191-3548787238-1000\..Trusted Domains: sitesell.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40620.4798842593 (Update Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC1E2D7-7761-4688-8396-B5C25A332D94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 09:29:43 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\beanefamily\Desktop\OTL.exe
[2012/09/13 09:20:22 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\Desktop\RK_Quarantine
[2012/09/10 13:53:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/10 13:31:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/10 13:31:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/10 13:31:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/10 13:31:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/10 13:14:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:14:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/10 13:00:25 | 004,748,983 | R--- | C] (Swearware) -- C:\Users\beanefamily\Desktop\ComboFix.exe
[2012/09/10 12:08:08 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/07 13:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/06 22:04:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\beanefamily\Desktop\dds.com
[2012/09/06 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/06 11:57:20 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/06 11:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/06 11:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/06 11:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/06 11:39:31 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\AppData\Roaming\Malwarebytes
[2012/09/06 11:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/06 11:39:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 11:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/06 11:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/06 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\Desktop\rkill
[2012/08/31 12:41:52 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\AppData\Local\{01800BBC-B4E8-41D8-B8E8-D3CA78A43282}
[2012/08/31 12:41:34 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\AppData\Local\{80B0BAC3-1576-4139-B8A4-7D28603A9A56}
[2012/08/22 17:11:46 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\Desktop\toxic_files
[2012/08/15 17:38:11 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\Documents\ForceField Shared Files
[2012/08/15 17:38:07 | 000,000,000 | ---D | C] -- C:\Users\beanefamily\AppData\Roaming\CheckPoint
[2012/08/15 17:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/08/15 17:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/08/15 17:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/08/15 17:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/08/14 22:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/14 22:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/22 16:27:20 | 014,646,304 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/09/13 09:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/13 09:45:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984643604-3447289191-3548787238-1000UA.job
[2012/09/13 09:29:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\beanefamily\Desktop\OTL.exe
[2012/09/13 09:22:16 | 001,378,816 | ---- | M] () -- C:\Users\beanefamily\Desktop\RogueKiller.exe
[2012/09/13 09:15:21 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 09:15:21 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 09:11:52 | 000,740,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/13 09:11:52 | 000,633,336 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/13 09:11:52 | 000,110,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/13 09:06:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 09:05:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 09:05:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 09:04:57 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 13:45:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984643604-3447289191-3548787238-1000Core.job
[2012/09/12 11:17:14 | 000,543,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/10 13:53:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/10 13:00:50 | 004,748,983 | R--- | M] (Swearware) -- C:\Users\beanefamily\Desktop\ComboFix.exe
[2012/09/08 16:49:21 | 000,017,064 | ---- | M] () -- C:\Users\beanefamily\Desktop\teatreesale.jpeg
[2012/09/07 22:57:03 | 000,002,048 | ---- | M] () -- C:\Users\beanefamily\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/06 22:04:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\beanefamily\Desktop\dds.com
[2012/09/06 22:02:23 | 000,000,000 | ---- | M] () -- C:\Users\beanefamily\defogger_reenable
[2012/09/06 11:57:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/06 11:39:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/03 09:37:34 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/31 23:38:48 | 000,094,535 | ---- | M] () -- C:\Users\beanefamily\Desktop\family-picture.jpg
[2012/08/23 18:49:10 | 000,024,916 | ---- | M] () -- C:\Users\beanefamily\Desktop\Top 200 Pages.ods
[2012/08/22 17:11:47 | 000,031,001 | ---- | M] () -- C:\Users\beanefamily\Desktop\toxic.html
[2012/08/22 17:04:27 | 000,027,765 | ---- | M] () -- C:\Users\beanefamily\Desktop\vanayssa-letter.png
[2012/08/15 17:39:18 | 000,415,877 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/08/15 17:37:37 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2012/08/14 23:21:51 | 000,000,395 | ---- | M] () -- C:\Users\beanefamily\Desktop\Repair.bat
[2012/08/14 22:12:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/14 22:10:55 | 000,753,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/09/13 09:21:58 | 001,378,816 | ---- | C] () -- C:\Users\beanefamily\Desktop\RogueKiller.exe
[2012/09/10 13:31:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/10 13:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/10 13:31:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/10 13:31:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/10 13:31:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/08 16:49:34 | 000,017,064 | ---- | C] () -- C:\Users\beanefamily\Desktop\teatreesale.jpeg
[2012/09/06 22:02:23 | 000,000,000 | ---- | C] () -- C:\Users\beanefamily\defogger_reenable
[2012/09/06 11:57:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/06 11:39:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/31 14:03:08 | 000,094,535 | ---- | C] () -- C:\Users\beanefamily\Desktop\family-picture.jpg
[2012/08/23 18:49:08 | 000,024,916 | ---- | C] () -- C:\Users\beanefamily\Desktop\Top 200 Pages.ods
[2012/08/22 17:11:46 | 000,031,001 | ---- | C] () -- C:\Users\beanefamily\Desktop\toxic.html
[2012/08/22 17:04:22 | 000,027,765 | ---- | C] () -- C:\Users\beanefamily\Desktop\vanayssa-letter.png
[2012/08/21 09:29:20 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 17:38:10 | 000,415,877 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/08/15 17:37:37 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2012/08/14 23:21:50 | 000,000,395 | ---- | C] () -- C:\Users\beanefamily\Desktop\Repair.bat
[2012/08/14 22:11:03 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/16 11:11:01 | 000,002,920 | ---- | C] () -- C:\Users\beanefamily\.recently-used.xbel
[2011/12/16 18:21:02 | 000,000,013 | ---- | C] () -- C:\Users\beanefamily\.ssid
[2011/09/13 07:47:56 | 000,000,000 | ---- | C] () -- C:\Users\beanefamily\AppData\Local\{4E66B4BE-6E9A-4149-9E85-CE2A9A0C3E53}
[2011/04/13 10:32:43 | 000,001,099 | ---- | C] () -- C:\Users\beanefamily\AppData\Roaming\ShiftN.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/19 12:26:58 | 000,008,704 | ---- | C] () -- C:\Users\beanefamily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 19:24:17 | 000,281,040 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/27 16:52:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/09 09:51:38 | 000,184,140 | ---- | C] () -- C:\Users\beanefamily\receipt-01.jpg
[2010/06/23 11:19:30 | 000,000,000 | ---- | C] () -- C:\Users\beanefamily\.gtk-bookmarks
[2010/02/18 22:41:09 | 000,007,620 | ---- | C] () -- C:\Users\beanefamily\AppData\Local\Resmon.ResmonCfg
[2009/04/07 17:31:40 | 000,363,430 | ---- | C] () -- C:\Users\beanefamily\.ranktracker.properties
[2008/10/05 12:56:16 | 001,646,950 | ---- | C] () -- C:\Users\beanefamily\.websiteauditor.properties
[2008/10/01 21:25:24 | 000,447,842 | ---- | C] () -- C:\Users\beanefamily\.spyglass.properties
[2008/07/23 16:16:35 | 000,049,784 | ---- | C] () -- C:\Users\beanefamily\WDL.xml
[2008/02/17 13:58:15 | 000,010,860 | ---- | C] () -- C:\Users\beanefamily\test.wmv

========== LOP Check ==========

[2012/02/09 08:06:28 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\AMS
[2012/02/09 08:06:24 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\Epson
[2012/02/28 16:49:08 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\LastPass
[2012/02/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\MAGIX
[2012/02/09 12:42:40 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\Spotify
[2012/02/09 08:06:11 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\Wacom
[2012/02/09 08:23:54 | 000,000,000 | ---D | M] -- C:\Users\Asher\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/07/22 08:34:10 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\.oit
[2010/02/18 14:13:39 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Amazon
[2011/05/13 12:10:38 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\AMS
[2012/06/13 18:28:48 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Audacity
[2010/02/15 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\BITS
[2010/11/03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Canneverbe Limited
[2012/08/15 17:38:07 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\CheckPoint
[2011/04/17 15:10:54 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/11 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Digiarty
[2011/10/18 08:54:48 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\eBookPro6
[2011/08/11 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Epson
[2011/07/16 09:50:28 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\eTeks
[2010/02/08 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\FlashGet
[2010/02/08 13:45:39 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\FlashGetBHO
[2010/12/23 14:42:26 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Foxit Software
[2012/05/16 11:11:01 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\gtk-2.0
[2011/04/10 14:52:18 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\IBP
[2010/10/26 13:58:56 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\InfraRecorder
[2010/02/10 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\IrfanView
[2010/07/20 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\KompoZer
[2010/01/17 17:01:17 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Leadertech
[2011/03/18 12:57:25 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\MAGIX
[2010/10/28 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\MarketMeTweet
[2011/09/01 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/05/24 08:33:21 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\NewSoft
[2012/08/30 08:10:10 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\NoteTab Light
[2010/01/18 14:27:55 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\OpenOffice.org
[2011/03/19 08:46:37 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\PanoramaStudio2
[2011/06/23 09:07:38 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Pixetell
[2010/12/11 13:25:38 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\SourceTec
[2012/09/08 16:37:59 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Spotify
[2010/09/27 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Thunderbird
[2011/04/17 22:53:14 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Wacom
[2011/04/17 22:53:16 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/08/24 09:22:56 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\webex
[2010/01/27 10:54:45 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\Windows Live Writer
[2011/08/16 17:20:32 | 000,000,000 | ---D | M] -- C:\Users\beanefamily\AppData\Roaming\XMedius
[2012/04/01 17:54:49 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2008/04/29 08:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: SERVICES.EXE >
[2012/08/14 22:47:06 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2012/08/14 22:47:06 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2008/07/01 06:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008/07/01 06:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD7500AADS-00M2B0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\.\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: EPSON Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 699.00GB
Starting Offset: 105906176
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D6E5D55

< End of report >
-------------------------------------------------

OTL Extras logfile created on: 9/13/2012 9:38:35 AM - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\beanefamily\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.05% Memory free
8.00 Gb Paging File | 6.04 Gb Available in Paging File | 75.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 510.45 Gb Free Space | 73.07% Space Free | Partition Type: NTFS

Computer Name: BEANEFAMILY-PC | User Name: beanefamily | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32229D57-F563-40D1-A02C-D1DDD40090CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CABF6F32-E69E-4D99-9E07-1ACC1D754B75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E749AEB-5A19-43BA-BB20-3CBB37539FE5}" = Paint.NET v3.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD67869B-C97B-4F2C-AD80-ABF130238441}" = Oracle VM VirtualBox 4.1.16
"5814-3494-4319-2342" = screen-scraper basic edition
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"EPSON Artisan 810 Series" = EPSON Artisan 810 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Pen Tablet Driver" = Bamboo
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{118071AB-6572-4FAD-A1FD-67264C994350}" = e-Sword
"{185E5BA3-64B1-4BE2-8326-923D3483CA83}_is1" = Sothink DVD Ripper
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security
"{33EFA143-451E-41B6-8D9B-6E2055C6C879}" = Pixetell
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D6CE6CE-E1C1-47C9-A734-78C53EBA5255}" = Xara Web Designer 6
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{445C3B1B-2C9B-441E-92E0-BD0868E710A1}" = Download Navigator
"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58162CD2-CA5D-4418-9ADF-8BA44AD63A92}" = Market Samurai
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B9AB54F-813A-2677-8BB1-2CDAD1975C91}" = MarketMeSuite
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DC78921-0A7C-49DF-A0EC-6B4A50918B5D}" = Xara Designer Pro 6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{757E0E87-8F54-46FD-BA00-54CCF341F4A9}" = ArcSoft Print Creations
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v1.0
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96A3ECEA-844C-4693-A3D7-1066D561FEE6}" = Xara Web Designer 6 Content
"{9921C67F-CF6D-431E-B554-40075B8C6C10}" = Kodu Game Lab
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
"{C09F1573-6262-47F2-8B90-5B2290A58B12}" = MAGIX Speed 2 (MSI)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
"{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Algebra 1 Teaching Textbook" = Algebra 1 Teaching Textbook
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudioCS" = Creative Audio Control Panel
"AviSynth" = AviSynth 2.5
"Bamboo Dock" = Bamboo Dock
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BelkinDailyDj" = Belkin Daily DJ
"BelkinLabeler" = Belkin Music Labeler
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Directory Submitter_is1" = Directory Submitter 1.0.29
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FileZilla" = FileZilla (remove only)
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HaaliMkx" = Haali Media Splitter
"Host OpenAL" = Host OpenAL
"IBP11_is1" = IBP 11.7.4
"InfraRecorder" = InfraRecorder
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastPass" = LastPass (uninstall only)
"MAGIX Screenshare US" = MAGIX Screenshare
"MAGIX_MSI_Xara_Web_Designer_6" = Xara Web Designer 6
"MAGIX_MSI_XtremePro6" = Xara Designer Pro 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MarketMeTweet" = MarketMeSuite
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Math 7 Teaching Textbook" = Math 7 Teaching Textbook
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Music Mover_is1" = Music Mover
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"OneSuite Fax" = OneSuite Fax 2009-07
"Pattern Piano and Keyboard 4.0 - Full Version4.0" = Pattern Piano and Keyboard 4.0 - Full Version
"PROR" = Microsoft Office Professional 2007
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"SimCity 3000" = SimCity 3000
"Spotify" = Spotify
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WebCEO70_is1" = Web CEO 8.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.0
"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.10
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1984643604-3447289191-3548787238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.3.0.977
"Move Media Player" = Move Media Player
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Ontier.Pixetell" = Pixetell
"Spotify" = Spotify
"Sweet Home 3D" = Sweet Home 3D

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2011 1:58:58 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999

Error - 11/29/2011 1:58:58 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 11/29/2011 1:58:59 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/29/2011 1:58:59 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2137

Error - 11/29/2011 1:58:59 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2137

Error - 11/29/2011 1:59:00 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/29/2011 1:59:00 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3136

Error - 11/29/2011 1:59:00 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3136

Error - 11/29/2011 1:59:01 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/29/2011 1:59:01 AM | Computer Name = beanefamily-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4134

[ Media Center Events ]
Error - 6/21/2010 10:24:27 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 7:24:27 AM - Error connecting to the internet. 7:24:27 AM - Unable
to contact server..

Error - 6/21/2010 10:24:58 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 7:24:56 AM - Error connecting to the internet. 7:24:56 AM - Unable
to contact server..

Error - 12/3/2010 3:02:38 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 11:02:38 PM - Failed to retrieve Directory (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 12/22/2010 4:01:28 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:27 AM - Failed to retrieve Directory (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 12/22/2010 4:01:28 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:28 AM - Failed to retrieve NetTV (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 12/22/2010 4:01:28 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:28 AM - Failed to retrieve MCESpotlight (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 12/22/2010 4:01:28 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:28 AM - Failed to retrieve MCEClientUX (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 12/22/2010 4:01:29 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:28 AM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 12/22/2010 4:01:29 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:29 AM - Failed to retrieve SportsV2 (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 12/22/2010 4:01:41 AM | Computer Name = beanefamily-PC | Source = MCUpdate | ID = 0
Description = 12:01:29 AM - Failed to retrieve Broadband (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

[ OSession Events ]
Error - 9/13/2011 12:37:17 PM | Computer Name = beanefamily-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/12/2012 2:24:30 PM | Computer Name = beanefamily-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.135.949.0).

Error - 9/13/2012 2:57:04 AM | Computer Name = beanefamily-PC | Source = DCOM | ID = 10010
Description =

Error - 9/13/2012 12:02:57 PM | Computer Name = beanefamily-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/13/2012 12:03:42 PM | Computer Name = beanefamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/13/2012 12:03:46 PM | Computer Name = beanefamily-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 9/13/2012 12:04:55 PM | Computer Name = beanefamily-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/13/2012 12:05:35 PM | Computer Name = beanefamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/13/2012 12:05:41 PM | Computer Name = beanefamily-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 9/13/2012 12:12:34 PM | Computer Name = beanefamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 9/13/2012 12:12:46 PM | Computer Name = beanefamily-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.135.949.0).


< End of report >

Edited by siskiyou, 13 September 2012 - 11:58 AM.


#11 CatByte

  • bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Location:Canada
Posted 13 September 2012 - 07:03 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



NEXT

Please advise how the computer is running and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
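As an added illustration of what the Farbar Service Scanner options above are looking at, here is a PowerShell check written for this page (it is not FSS's own code and was not posted by CatByte). Run from an elevated prompt on Windows 7, it lists the state of the services behind each checkbox, whether the DLL that svchost would load for the service is still on disk, and whether SYSTEM and Administrators still have entries on the service's registry key. The checkbox-to-service mapping is an assumption, not FSS's list. Both symptoms seen in this thread map onto these checks: Service Control Manager error %%126 is ERROR_MOD_NOT_FOUND, meaning the file named in ServiceDll could not be loaded, and 0x80070005 is E_ACCESSDENIED, which is what you get when the service key has had its permissions stripped, a behaviour Sirefef/ZeroAccess is known for.

```powershell
# Added example for this page: a check of the services Farbar Service Scanner
# reports on. Not FSS's own code and not from the thread. Run from an elevated
# PowerShell prompt (Windows 7 / PowerShell 2.0 or later).
# The checkbox-to-service mapping below is an assumption, not FSS's list.

$services = @{
    'Dhcp'      = 'Internet Services (DHCP Client)'
    'Dnscache'  = 'Internet Services (DNS Client)'
    'MpsSvc'    = 'Windows Firewall'
    'BFE'       = 'Windows Firewall (Base Filtering Engine dependency)'
    'VSS'       = 'System Restore (Volume Shadow Copy)'
    'wscsvc'    = 'Security Center'
    'wuauserv'  = 'Windows Update'
    'WinDefend' = 'Windows Defender'
}
$startTypes = @{ 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($name in ($services.Keys | Sort-Object)) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A service entry that is gone altogether: report it and move on.
        Write-Output ("{0,-10} MISSING    ({1})" -f $name, $services[$name])
        continue
    }

    # Start type from the registry; 4 (Disabled) on a security service is a red flag.
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $start = 'unknown'
    if ($props -and $startTypes.ContainsKey([int]$props.Start)) { $start = $startTypes[[int]$props.Start] }

    # svchost-hosted services load the DLL named in Parameters\ServiceDll.
    # If that file is missing, SCM reports error 126 (ERROR_MOD_NOT_FOUND).
    $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    $dllState = 'n/a'
    if ($dll) {
        $dllState = if (Test-Path ([Environment]::ExpandEnvironmentVariables($dll))) { 'present' } else { 'MISSING' }
    }

    # Count ACEs for SYSTEM and Administrators on the service key. Zero, or an
    # ACL we cannot even read, is the usual cause of "Access is denied" (0x80070005).
    $acl = Get-Acl -Path $key -ErrorAction SilentlyContinue
    $aceCount = 'unreadable'
    if ($acl) {
        $aceCount = @($acl.Access | Where-Object { "$($_.IdentityReference)" -match 'SYSTEM|Administrators' }).Count
    }

    Write-Output ("{0,-10} {1,-8} start={2,-8} ServiceDll={3,-8} SYSTEM/Admin ACEs={4}  ({5})" -f $name, $svc.Status, $start, $dllState, $aceCount, $services[$name])
}
```

Read the output alongside FSS.txt: a service that is Stopped with start=Disabled, a MISSING ServiceDll, or an ACE count of 0/unreadable points at the specific thing a repair tool has to put back (start type, file, or permissions). `sc.exe sdshow <name>` prints the service object's own security descriptor as SDDL if you want to see that side as well.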


#12 siskiyou

  • Topic Starter
  • Members
  • 7 posts

Posted 14 September 2012 - 02:06 AM

Thank you for all the help. I have wasted so much time before you started to help me, and I am so very thankful for all that you have done. The computer seems to be running fine, and I once again have the ability to turn the firewall on or off. Microsoft Security Essentials says it updated just two minutes ago, but I cannot start the Windows Defender service. The error code says "Access is denied. (Error Code: 0x80070005)".

The reports are as follows.

# AdwCleaner v2.001 - Logfile created 09/13/2012 at 23:46:32
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : beanefamily - BEANEFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\beanefamily\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\toolbar@alexa.com.xpi
File Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\searchplugins\Conduit.xml
Folder Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\Conduit
Folder Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\ConduitEngine
Folder Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\CT2103525
Folder Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\{db7a1b0e-2c9e-4ad3-a2fd-21907ef2c9d1}
Folder Deleted : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\beanefamily\AppData\Roaming\Mozilla\Firefox\Profiles\y9e083i7.default\prefs.js

Deleted : user_pref("CT2103525..clientLogIsEnabled", false);
Deleted : user_pref("CT2103525..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2103525..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2103525.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2103525.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2103525.CTID", "CT2103525");
Deleted : user_pref("CT2103525.CommunitiesChangesLastCheckTime", "Thu Sep 13 2012 23:38:35 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2103525.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT2103525.CommunityChanged", true);
Deleted : user_pref("CT2103525.CurrentServerDate", "14-9-2012");
Deleted : user_pref("CT2103525.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2103525.DialogsGetterLastCheckTime", "Wed Sep 12 2012 18:32:55 GMT-0700 (Pacific Daylig[...]
Deleted : user_pref("CT2103525.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT2103525.DownloadDomainsListLastCheckTime", "Thu Sep 13 2012 23:38:35 GMT-0700 (Pacific [...]
Deleted : user_pref("CT2103525.DownloadDomainsListLastServerUpdateTime", "1201073583");
Deleted : user_pref("CT2103525.DownloadReferralCookieData", "");
Deleted : user_pref("CT2103525.FeedLastCount128737777289300699", 237);
Deleted : user_pref("CT2103525.FeedPollDate128737777290081954", "Mon Nov 02 2009 16:35:17 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128738408598969469", "Mon Nov 02 2009 15:35:17 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128738564357562961", "Mon Nov 02 2009 15:35:17 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128738895103056721", "Mon Nov 02 2009 15:35:16 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128739371321025564", "Mon Nov 02 2009 16:35:17 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128739415741963331", "Mon Nov 02 2009 15:35:17 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128753202537481630", "Mon Nov 02 2009 15:35:17 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedPollDate128753934160063345", "Mon Nov 02 2009 15:35:16 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT2103525.FeedTTL128738564357562961", 40);
Deleted : user_pref("CT2103525.FeedTTL128753934160063345", 40);
Deleted : user_pref("CT2103525.FirstServerDate", "10-5-2012");
Deleted : user_pref("CT2103525.FirstTime", true);
Deleted : user_pref("CT2103525.FirstTimeFF3", true);
Deleted : user_pref("CT2103525.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2103525.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2103525.HasUserGlobalKeys", true);
Deleted : user_pref("CT2103525.Initialize", true);
Deleted : user_pref("CT2103525.InitializeCommonPrefs", true);
Deleted : user_pref("CT2103525.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2103525.InstallationType", "Unknown");
Deleted : user_pref("CT2103525.InstalledDate", "Thu Oct 08 2009 16:34:53 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2103525.IsGrouping", false);
Deleted : user_pref("CT2103525.IsMulticommunity", true);
Deleted : user_pref("CT2103525.IsOpenThankYouPage", true);
Deleted : user_pref("CT2103525.IsOpenUninstallPage", true);
Deleted : user_pref("CT2103525.LanguagePackLastCheckTime", "Thu Sep 13 2012 23:38:41 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT2103525.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2103525.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2103525.LastLogin_2.4.0.4", "Mon Nov 02 2009 13:18:02 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT2103525.LastLogin_3.12.2.3", "Sun May 20 2012 19:25:13 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2103525.LastLogin_3.13.0.6", "Sun Jul 08 2012 22:24:15 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2103525.LastLogin_3.14.1.0", "Tue Aug 28 2012 20:52:32 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2103525.LastLogin_3.15.1.0", "Thu Sep 13 2012 23:38:42 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2103525.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2103525.Locale", "en-us");
Deleted : user_pref("CT2103525.LoginCache", 4);
Deleted : user_pref("CT2103525.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2103525.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2103525.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2103525.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2103525.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2103525.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2103525.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2103525.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT210[...]
Deleted : user_pref("CT2103525.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2103525.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2103525.SearchInNewTabLastCheckTime", "Thu Sep 13 2012 23:38:36 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT2103525.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2103525.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2103525.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2103525.ServiceMapLastCheckTime", "Thu Sep 13 2012 23:38:38 GMT-0700 (Pacific Daylight [...]
Deleted : user_pref("CT2103525.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2103525.SettingsLastCheckTime", "Thu Sep 13 2012 23:38:35 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT2103525.SettingsLastUpdate", "1347263642");
Deleted : user_pref("CT2103525.ThirdPartyComponentsInterval", 72);
Deleted : user_pref("CT2103525.ThirdPartyComponentsLastCheck", "Mon Nov 02 2009 13:17:58 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT2103525.ThirdPartyComponentsLastUpdate", "1254717617");
Deleted : user_pref("CT2103525.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2103525");
Deleted : user_pref("CT2103525.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2103525.UserID", "UN75317595217502775");
Deleted : user_pref("CT2103525.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2103525.clientLogIsEnabled", false);
Deleted : user_pref("CT2103525.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2103525.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2103525.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2103525.initDone", true);
Deleted : user_pref("CT2103525.myStuffEnabled", true);
Deleted : user_pref("CT2103525.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2103525.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2103525.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2103525.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2103525.revertSettingsEnabled", false);
Deleted : user_pref("CT2103525.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2103525.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2103525.testingCtid", "");
Deleted : user_pref("CT2103525.toolbarAppMetaDataLastCheckTime", "Thu Sep 13 2012 23:38:40 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT2103525.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2146233.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2146233.AllowNonPrivacy", true);
Deleted : user_pref("CT2146233.CTID", "CT2146233");
Deleted : user_pref("CT2146233.CTPBaseServerUrl", "hxxp://services.conduit.com/");
Deleted : user_pref("CT2146233.CommunityChanged", false);
Deleted : user_pref("CT2146233.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2146233.EnableClickToSearchBox", true);
Deleted : user_pref("CT2146233.EnableSearchHistory", true);
Deleted : user_pref("CT2146233.EnableSearchSuggest", true);
Deleted : user_pref("CT2146233.EnableUsage", true);
Deleted : user_pref("CT2146233.ExternalComponentPollDate128773128306093923", "Fri Mar 13 2009 19:15:48 GMT-070[...]
Deleted : user_pref("CT2146233.FeedLastCount128771807846007220", 51);
Deleted : user_pref("CT2146233.FeedPollDate128771807846007220", "Fri Mar 13 2009 16:15:48 GMT-0700 (Pacific Da[...]
Deleted : user_pref("CT2146233.FeedPollDate128774017084194358", "Fri Mar 13 2009 18:15:48 GMT-0700 (Pacific Da[...]
Deleted : user_pref("CT2146233.FeedPollDate128774017398725740", "Fri Mar 13 2009 18:15:49 GMT-0700 (Pacific Da[...]
Deleted : user_pref("CT2146233.FeedPollDate128774017840287722", "Fri Mar 13 2009 18:15:49 GMT-0700 (Pacific Da[...]
Deleted : user_pref("CT2146233.FeedPollDate128787849261794081", "Fri Mar 13 2009 18:15:48 GMT-0700 (Pacific Da[...]
Deleted : user_pref("CT2146233.FirstTime", true);
Deleted : user_pref("CT2146233.FirstTimeFF3", true);
Deleted : user_pref("CT2146233.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2146233.Initialize", true);
Deleted : user_pref("CT2146233.InitializeCommonPrefs", true);
Deleted : user_pref("CT2146233.InvalidateCache", false);
Deleted : user_pref("CT2146233.IsGrouping", false);
Deleted : user_pref("CT2146233.IsMulticommunity", false);
Deleted : user_pref("CT2146233.IsOpenThankYouPage", true);
Deleted : user_pref("CT2146233.IsOpenUninstallPage", true);
Deleted : user_pref("CT2146233.LanguagePackLastCheckTime", "Fri Mar 13 2009 10:15:49 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT2146233.LanguagePackReloadInterval", "24");
Deleted : user_pref("CT2146233.LastLogin", "Fri Mar 13 2009 10:15:48 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2146233.Locale", "en");
Deleted : user_pref("CT2146233.LoginCache", "4");
Deleted : user_pref("CT2146233.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2146233.MCDetectTooltipShow", true);
Deleted : user_pref("CT2146233.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2146233.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2146233.MyGadgetsServerUrl", "hxxp://services.MyStuff.u-page.com/MyStuffService.asmx/Le[...]
Deleted : user_pref("CT2146233.MyGadgetsTrustedDomains", "u-page.com");
Deleted : user_pref("CT2146233.RadioIsPodcast", false);
Deleted : user_pref("CT2146233.RadioLastCheckTime", "Fri Mar 13 2009 10:15:49 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT2146233.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2146233.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2146233.RadioMediaID", "9853");
Deleted : user_pref("CT2146233.RadioMediaType", "Media Player");
Deleted : user_pref("CT2146233.RadioMenuSelectedID", "EBRadioMenu_CT2146233_RECENT9853");
Deleted : user_pref("CT2146233.RadioStationName", "KQED%2C%2088.1%20FM%2C%20San%20Francisco");
Deleted : user_pref("CT2146233.RadioStationURL", "hxxp://www.kqed.org/listen/live/wm/kqedradio.asx");
Deleted : user_pref("CT2146233.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2146233.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2146233.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT214[...]
Deleted : user_pref("CT2146233.Server", "hxxp://users.conduit.com");
Deleted : user_pref("CT2146233.SettingsInvalidateCache", false);
Deleted : user_pref("CT2146233.SettingsLastUpdate", "1236631826");
Deleted : user_pref("CT2146233.ThirdPartyComponentsInterval", "72");
Deleted : user_pref("CT2146233.ThirdPartyComponentsLastCheck", "Tue Feb 17 2009 10:48:45 GMT-0800 (Pacific Sta[...]
Deleted : user_pref("CT2146233.ThirdPartyComponentsLastUpdate", "1234355780");
Deleted : user_pref("CT2146233.ToolbarAlignMode", "SYSTEM");
Deleted : user_pref("CT2146233.ToolbarName", "SquidUtils");
Deleted : user_pref("CT2146233.UserID", "UN20090217104843580");
Deleted : user_pref("CT2146233.VusualLastUpdateTime", "1236631826");
Deleted : user_pref("CT2146233.components.1000", false);
Deleted : user_pref("CT2146233.components.1000034", false);
Deleted : user_pref("CT2146233.components.1000080", true);
Deleted : user_pref("CT2146233.components.1000082", true);
Deleted : user_pref("CT2146233.components.1000234", false);
Deleted : user_pref("CT2146233.components.1001", false);
Deleted : user_pref("CT2146233.components.1002", true);
Deleted : user_pref("CT2146233.components.1003", false);
Deleted : user_pref("CT2146233.components.1004", false);
Deleted : user_pref("CT2146233.components.1005", false);
Deleted : user_pref("CT2146233.components.1006", false);
Deleted : user_pref("CT2146233.components.1007", false);
Deleted : user_pref("CT2146233.components.1008", false);
Deleted : user_pref("CT2146233.components.1010", false);
Deleted : user_pref("CT2146233.components.1012", false);
Deleted : user_pref("CT2146233.components.128771807846007220", true);
Deleted : user_pref("CT2146233.components.128771835961787678", true);
Deleted : user_pref("CT2146233.components.128772158689531945", true);
Deleted : user_pref("CT2146233.components.128772171047656838", true);
Deleted : user_pref("CT2146233.components.128772215695313044", true);
Deleted : user_pref("CT2146233.components.128773128306093923", true);
Deleted : user_pref("CT2146233.components.128773177004688107", true);
Deleted : user_pref("CT2146233.components.128773877968725874", true);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2103525/CT2103525[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alert.services.conduit.com/Alerts/AlertServices.asmx/GetHost[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/518617/514487/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2103525", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2103525",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/25/210/CT2103525/Gadg[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.labpixies.com/campaigns/youtube/youtu[...]
Deleted : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
Deleted : user_pref("CommunityToolbar.MyGadgetsShowDetectDialog", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?q=");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2146233,CT2103525,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2146233");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 01 2011 08:55:23 GMT-07[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 09:08:45 GMT-0700 (Pacif[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 16:51:33 GMT-0700 (Pacific D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{e0713fb4-928e-4fa0-8460-f5f8c4d8bc69}");
Deleted : user_pref("CommunityToolbar.globalUserId", "64f0e764-2c86-4410-978d-612bfd6088ef");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Apr 03 2011 22:31:56 GMT-0700 (Pacific Dayl[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Mar 24 2011 08:14:53 GMT-0700 (Pacific Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "03/21/2011 17");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Mar 21 2011 08:14:53 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 08:14:55 GMT-0700 (Pacific Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Sat Mar 26 2011 14:06:05 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 14:06:04 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN94169621575696654");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 08:14:55 GMT-0700 (Pacif[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 16:06:06 GMT-0700 (Paci[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Deleted : user_pref("browser.search.defaultthis.engineName", "SquidUtils Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2146233&Sea[...]
Deleted : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...]
Deleted : user_pref("extensions.competetb.extensions.snipit.askTbInstalled", false);
Deleted : user_pref("extensions.s4fToolbar.cp-blekko-domainlinks", true);
Deleted : user_pref("extensions.s4fToolbar.cp-blekko-rank", true);
Deleted : user_pref("extensions.s4fToolbar.si-blekko-domainlinks", true);
Deleted : user_pref("extensions.s4fToolbar.si-blekko-pagelinks", true);
Deleted : user_pref("extensions.s4fToolbar.si-blekko-rank", true);
Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&g[...]

Profile name : default
File : C:\Users\Asher\AppData\Roaming\Mozilla\Firefox\Profiles\oc8aerex.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\beanefamily\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [24212 octets] - [13/09/2012 23:46:32]

########## EOF - C:\AdwCleaner[S1].txt - [24273 octets] ##########



--------------------------------------------
--------------------------------------------
Farbar Service Scanner Version: 06-08-2012
Ran by beanefamily (administrator) on 13-09-2012 at 23:57:09
Running from "C:\Users\beanefamily\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-12 11:30] - [2012-08-22 11:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

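The "Firewall Disabled Policy" section of the FSS log above is the finding that matters for the "cannot turn on Windows Firewall" symptom: `EnableFirewall` is 0 for the StandardProfile key. The following PowerShell is an added example, not part of the original thread or of Farbar's tool; it reads the same per-profile keys FSS reads (plus the Group Policy override location, which FSS does not print), checks the two services the firewall depends on, and offers a repair that resets the values and restarts the firewall service. The function names are my own; run it from an elevated PowerShell prompt, and it is written to work on the Windows 7 PowerShell 2.0 the poster has.

```powershell
# Added example, not from the thread: audit and repair the per-profile
# EnableFirewall values that Farbar Service Scanner reports under
# "Firewall Disabled Policy". Run elevated (Run as administrator).

$Profiles = 'DomainProfile', 'StandardProfile', 'PublicProfile'

# Live firewall configuration (the location FSS read) and the Group Policy
# override location that can force the value regardless of the live key.
$LiveBase   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$PolicyBase = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-FirewallEnableState {
    foreach ($base in @($LiveBase, $PolicyBase)) {
        foreach ($profile in $Profiles) {
            $key = Join-Path $base $profile
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($props -eq $null -or $props.EnableFirewall -eq $null) { continue }
            New-Object PSObject -Property @{
                Key            = $key
                EnableFirewall = $props.EnableFirewall
                State          = if ($props.EnableFirewall -eq 0) { 'DISABLED' } else { 'enabled' }
            }
        }
    }
}

function Repair-FirewallEnableState {
    # Set the live value back to 1 for every profile, drop any policy override
    # that forces it off, then restart the firewall service so it re-reads config.
    foreach ($profile in $Profiles) {
        $live = Join-Path $LiveBase $profile
        if (Test-Path $live) {
            Set-ItemProperty -Path $live -Name EnableFirewall -Value 1 -Type DWord
        }
        $pol = Join-Path $PolicyBase $profile
        if (Test-Path $pol) {
            Remove-ItemProperty -Path $pol -Name EnableFirewall -ErrorAction SilentlyContinue
        }
    }
    Restart-Service -Name MpsSvc -Force
}

# 1. Report. A DISABLED row is the same condition FSS prints as "EnableFirewall"=DWORD:0.
Get-FirewallEnableState | Format-Table Key, EnableFirewall, State -AutoSize

# 2. Base Filtering Engine and Windows Firewall service; both should be Running.
Get-Service -Name BFE, MpsSvc | Format-Table Name, Status -AutoSize

# 3. Repair only after confirming the value was not set on purpose (see note), then
#    cross-check with the firewall's own view.
# Repair-FirewallEnableState
netsh advfirewall show allprofiles state
```

One caveat before running the repair: a value of 0 here is not proof of tampering. Installing a third-party firewall, such as the ZoneAlarm the poster added in the first post, commonly turns Windows Firewall off for the active profile so the two do not run together. Treat the finding as malware damage only once you know nothing legitimate set it, and if `Restart-Service MpsSvc` itself fails, the service's own configuration or the BFE service needs checking before the registry value will matter.
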
#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 14 September 2012 - 06:15 AM

Windows Defender is disabled by Microsoft Security Essentials on purpose as it contains the same components, so that is fine.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click on "Do I have Java"
  • It will check your current version and then offer to update to the latest version
  • Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if there are - remove them.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

How is the computer running now? Are there any outstanding issues?

Edited by CatByte, 14 September 2012 - 06:18 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
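
The Java step above ends with a manual check of Programs and Features for leftover old versions. The script below is an added example, not part of CatByte's post or of any tool named in it: it reads the same Uninstall registry keys Programs and Features is built from, including the `Wow6432Node` hive that holds the 32-bit Java a 32-bit browser on x64 Windows 7 actually loads, so an old 32-bit runtime does not hide behind a current 64-bit one. The function name and the name filter are my own assumptions; no elevation is needed to read these keys.

```powershell
# Added example, not from the thread: enumerate every Java runtime/JDK recorded
# in the Uninstall registry keys, 64-bit and 32-bit, so stale versions can be
# removed before updating. Works on Windows 7 PowerShell 2.0.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit apps
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 32-bit apps on x64
)

function Get-InstalledJava {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue
            if ($p -eq $null -or -not $p.DisplayName) { continue }
            # Sun/Oracle display names start with "Java(TM) 6 Update 35",
            # "Java 7 Update 7", "Java SE Development Kit ..." or "J2SE Runtime ...".
            # "Java Auto Updater" is excluded as it is not a runtime.
            if ($p.DisplayName -match '^(Java|J2SE)\b' -and $p.DisplayName -notmatch 'Auto Updater') {
                New-Object PSObject -Property @{
                    Name      = $p.DisplayName
                    Version   = $p.DisplayVersion
                    Bitness   = if ($root -match 'Wow6432Node') { '32-bit' } else { '64-bit' }
                    Uninstall = $p.UninstallString   # the command Programs and Features would run
                }
            }
        }
    }
}

# Anything older than the newest entry for the same bitness is a removal candidate.
Get-InstalledJava | Sort-Object Bitness, Version | Format-Table Name, Version, Bitness -AutoSize

# The runtime that the PATH resolves to; java prints its banner on stderr.
if (Get-Command java -ErrorAction SilentlyContinue) { & java -version 2>&1 }
```

Listing the `Uninstall` column (`Get-InstalledJava | Format-List`) gives the exact uninstall command for each stale entry, which is useful when an old version no longer shows up in the Programs and Features GUI but its registry key is still present.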


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:22 AM

Posted 20 September 2012 - 05:57 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




