BSOD after running FixTDSS


This topic is locked
4 replies to this topic

#1 lifenomad

Posted 14 December 2012 - 11:18 AM

Essentially the same issue as the following articles:
http://www.bleepingcomputer.com/forums/topic359494.html
http://www.bleepingcomputer.com/forums/topic443562.html
http://www.bleepingcomputer.com/forums/topic448276.html
http://www.bleepingcomputer.com/forums/topic428407.html
http://www.bleepingcomputer.com/forums/topic428082.html

The computer in question is a Windows 7 x64 machine. It had a virus on it, which the owner stated he had cleaned up using some tools. I am not sure what exactly was done, but the PC was up and running, and Microsoft Security Essentials was complaining about a Trojan: Alureon. I followed the Norton article below and ran the FixTDSS program, which initially cleaned up the MBR and got rid of the Trojan.
http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99

Everything seemed well until a reboot after FixTDSS did its fix. Now the PC is BSODing with a 07 stop code.

I have run chkdsk /r, I have run bootrec /fixboot, I have attempted the automated startup repair, and I have tried a system restore. Nothing has worked...

I ran the FRST tool and pulled the following log, to see if anyone can help me get this thing up again.

Thank you all so much!


LOG FILE:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012
Ran by SYSTEM at 14-12-2012 10:57:01
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [281600 2008-10-13] (OsdMaestro)
HKLM\...\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe" /tray [3866624 2009-01-16] (Analog Devices, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [Buttons & OSDs control application gen2] c:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe [208896 2009-04-16] (Hewlett Packard)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" [678912 2009-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [281600 2008-10-13] (OsdMaestro)
HKLM-x32\...\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [28672 2008-07-31] (Sage Software, Inc.)
HKLM-x32\...\Run: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload [393216 2008-07-31] (Sage Software, Inc.)
HKLM-x32\...\Run: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse [499712 2008-07-31] (Sage Software, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Administrator\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\Administrator\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\Administrator\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\Administrator\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Administrator\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\Administrator\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Administrator\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\Administrator\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\Administrator\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\Administrator\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex [x]
HKU\Administrator\...\Policies\system: [LogonHoursAction] 2
HKU\Administrator\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Administrator.STRATCENTER\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\Administrator.STRATCENTER\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\Administrator.STRATCENTER\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\Administrator.STRATCENTER\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Administrator.STRATCENTER\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Administrator.STRATCENTER\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\Administrator.STRATCENTER\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Administrator.STRATCENTER\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\Administrator.STRATCENTER\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\Administrator.STRATCENTER\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\Administrator.STRATCENTER\...\Policies\system: [LogonHoursAction] 2
HKU\Administrator.STRATCENTER\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Carolyn\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\Carolyn\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\Carolyn\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Carolyn\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\Carolyn\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Carolyn\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\Carolyn\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Carolyn\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\Carolyn\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\Carolyn\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\Carolyn\...\Policies\system: [LogonHoursAction] 2
HKU\Carolyn\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Catherine\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\Catherine\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Catherine\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Catherine\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\Catherine\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\Catherine\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Catherine\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\Catherine\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Catherine\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\Catherine\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\Catherine\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\Catherine\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex [x]
HKU\Catherine\...\Policies\system: [LogonHoursAction] 2
HKU\Catherine\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\cmplummer.STRATCENTER\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\cmplummer.STRATCENTER\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\cmplummer.STRATCENTER\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\cmplummer.STRATCENTER\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\cmplummer.STRATCENTER\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\cmplummer.STRATCENTER\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\cmplummer.STRATCENTER\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\cmplummer.STRATCENTER\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\cmplummer.STRATCENTER\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\cmplummer.STRATCENTER\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex [x]
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #0] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe /tray [3866624 2009-01-16] (Analog Devices, Inc.)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #1] C:\Program Files\Microsoft Security Client\msseces.exe -Recover [1289704 2012-09-12] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #2] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-05] (Google Inc.)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #3] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #4] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #5] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #6] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #7] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #8] C:\Program Files (x86)\Internet Explorer\iexplore.exe -restart /WERRESTART [748704 2012-10-08] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\RunOnce: [Application Restart #9] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" [383488 2009-07-13] (Microsoft Corporation)
HKU\cmplummer.STRATCENTER\...\Policies\system: [LogonHoursAction] 2
HKU\cmplummer.STRATCENTER\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\csplummer\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\csplummer\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\csplummer\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon" [39816 2012-03-16] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\csplummer\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\csplummer\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\csplummer\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\csplummer\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\csplummer\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\csplummer\...\Run: [AdministrativeTools] rundll32.exe "C:\Users\csplummer\AppData\Local\Administrative Tools\wRZaXQXCF.dll",AgereMainhid init32 [28672 2012-11-07] ()
HKU\csplummer\...\Run: [MainConcept (Consumer)] RUNDLL32.EXE "C:\Users\csplummer\AppData\Local\MainConcept (Consumer)\wcqdgxsw.dll",AllocInstanceData [759808 2012-12-08] ()
HKU\csplummer\...\Policies\system: [LogonHoursAction] 2
HKU\csplummer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\geplummer\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\geplummer\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\geplummer\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\geplummer\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\geplummer\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\geplummer\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\geplummer\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\geplummer\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\geplummer\...\Run: [Google Update] "C:\Users\geplummer\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-01] (Google Inc.)
HKU\geplummer\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\geplummer\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\geplummer\...\RunOnce: [Application Restart #0] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe /tray [3866624 2009-01-16] (Analog Devices, Inc.)
HKU\geplummer\...\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-05] (Google Inc.)
HKU\geplummer\...\RunOnce: [Application Restart #2] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\geplummer\...\RunOnce: [Application Restart #3] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKU\geplummer\...\RunOnce: [Application Restart #4] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKU\geplummer\...\RunOnce: [Application Restart #5] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKU\geplummer\...\RunOnce: [Application Restart #6] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKU\geplummer\...\RunOnce: [Application Restart #7] C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" [383488 2009-07-13] (Microsoft Corporation)
HKU\geplummer\...\RunOnce: [Application Restart #8] C:\Program Files\Microsoft Security Client\msseces.exe -Recover [1289704 2012-09-12] (Microsoft Corporation)
HKU\geplummer\...\Policies\system: [LogonHoursAction] 2
HKU\geplummer\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Grace\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\Grace\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Grace\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\Grace\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\Grace\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Grace\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Grace\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\Grace\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Grace\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\Grace\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\Grace\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\Grace\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex [x]
HKU\Grace\...\Policies\system: [LogonHoursAction] 2
HKU\Grace\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kitchen\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-05] (Google Inc.)
HKU\Kitchen\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Kitchen\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Kitchen\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-04-03] (Hewlett-Packard)
HKU\Kitchen\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKU\Kitchen\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon" [39816 2010-05-03] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Kitchen\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [x]
HKU\Kitchen\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Kitchen\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\Kitchen\...\Run: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe [77656 2011-03-10] (Intuit Inc.)
HKU\Kitchen\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [x]
HKU\Kitchen\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex [x]
HKU\Kitchen\...\Policies\system: [LogonHoursAction] 2
HKU\Kitchen\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Carolyn\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
4 ACT! Scheduler; "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe" [81920 2008-07-31] (Sage Software, Inc.)
2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
2 HomeSeerService; "C:\Program Files (x86)\HomeSeer HSPRO\HomeSeerService.exe" [24576 2009-11-23] (HomeSeer Technologies, LLC)
2 HP Touch Screen Enhance; "C:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE" [101888 2009-01-20] (Hewlett-Packard)
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 msoidsvc; "C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE" [2078112 2011-09-28] (Microsoft Corp.)
4 MSSQL$ACT7; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 [29262680 2009-05-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
3 screen-scraper server; C:\Program Files (x86)\screen-scraper Professional Edition\server.exe [396800 2012-05-11] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

3 ACPIService; C:\Windows\System32\DRIVERS\OSDACPI.SYS [17992 2009-06-17] ()
3 AVerAVF2; C:\Windows\System32\Drivers\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2009-09-16] (Duplex Secure Ltd.)
3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-14 09:22 - 2012-12-14 09:22 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-14 06:54 - 2012-12-14 06:54 - 00000004 ____A C:\Users\All Users\Brightness.ini
2012-12-14 06:07 - 2012-12-14 06:08 - 00000000 ____D C:\Users\csplummer\AppData\Local\{156B1488-8E52-464D-9D60-C865964EB378}
2012-12-10 22:11 - 2012-12-10 22:11 - 00293296 ____A C:\Windows\Minidump\121112-31543-01.dmp
2012-12-10 15:40 - 2012-12-10 15:40 - 00000000 ____D C:\Users\csplummer\AppData\Local\{7662AE7B-A20A-4D0B-A953-B62AB3AB7703}
2012-12-10 03:39 - 2012-12-10 03:39 - 00000000 ____D C:\Users\csplummer\AppData\Local\{FF457B6E-32DD-47D2-AAD9-916EF4DB6ECC}
2012-12-09 19:58 - 2012-12-09 19:58 - 00000000 ____D C:\Users\csplummer\AppData\Roaming\Malwarebytes
2012-12-09 19:57 - 2012-12-11 01:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-09 19:57 - 2012-12-09 19:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-09 15:39 - 2012-12-09 15:39 - 00000000 ____D C:\Users\csplummer\AppData\Local\{4EFD24D1-6191-49BC-AF19-CE82C07ADE4B}
2012-12-08 21:07 - 2012-12-08 21:07 - 00287984 ____A C:\Windows\Minidump\120912-37721-01.dmp
2012-12-08 18:26 - 2012-12-10 17:30 - 00000000 ____D C:\Users\All Users\WRData
2012-12-08 18:26 - 2012-12-08 18:26 - 00000000 ____D C:\Program Files\Webroot
2012-12-08 13:45 - 2012-12-08 13:46 - 00000000 ____D C:\Users\csplummer\AppData\Local\{61C3221B-C9F1-42BE-ADD8-4A47ED67FB01}
2012-12-07 17:52 - 2012-12-07 17:53 - 00000000 ____D C:\Users\csplummer\AppData\Local\{4E456301-742F-4E74-8F88-AF3A41F352D7}
2012-12-07 04:13 - 2012-12-07 04:13 - 00000000 ____D C:\Users\csplummer\AppData\Local\{AFB0B33B-9AE7-4134-B0BE-E396F91B2020}
2012-12-04 08:43 - 2012-12-06 08:54 - 00000000 ____D C:\Users\csplummer\AppData\Local\{2C7697F2-77EA-4759-A86C-DA9CE9F3FB3B}
2012-12-02 20:39 - 2012-12-03 08:57 - 00000000 ____D C:\Users\csplummer\AppData\Local\{495B5853-13B0-4826-976C-AC124808A1F9}
2012-12-01 18:34 - 2012-12-02 08:39 - 00000000 ____D C:\Users\csplummer\AppData\Local\{BFB0D884-E4EA-46CB-A43B-BDD1605BE5FD}
2012-12-01 14:09 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-12-01 14:08 - 2012-12-01 14:08 - 01629968 ____A C:\Windows\Minidump\120112-29016-01.dmp
2012-11-30 20:52 - 2012-12-01 08:52 - 00000000 ____D C:\Users\csplummer\AppData\Local\{3696508A-A4F1-4C2E-B4D8-88D742BAC78B}
2012-11-24 18:25 - 2012-11-30 08:52 - 00000000 ____D C:\Users\csplummer\AppData\Local\{7580E35C-5B22-4729-B14B-E12DF863A9B6}
2012-11-20 20:21 - 2012-11-20 20:21 - 00000000 ____D C:\Users\csplummer\AppData\Local\{4C73B4D5-DAFC-4E76-AC34-A0F2AF3E5799}
2012-11-19 20:21 - 2012-11-19 20:21 - 00000000 ____D C:\Users\csplummer\AppData\Local\{8798E914-1B8F-4899-91A3-25CC11D7981B}
2012-11-18 08:20 - 2012-11-20 08:21 - 00000000 ____D C:\Users\csplummer\AppData\Local\{605023F4-EC14-45BA-A0FD-4758C873ACA4}
2012-11-17 20:19 - 2012-11-17 20:20 - 00000000 ____D C:\Users\csplummer\AppData\Local\{77714EDE-6584-478A-BABD-B088126D2D25}
2012-11-17 12:29 - 2012-11-17 12:29 - 00000000 ____D C:\Users\All Users\AVS4YOU
2012-11-17 12:28 - 2012-11-17 12:28 - 00000000 ____D C:\Users\csplummer\AppData\Roaming\AVS4YOU
2012-11-17 12:27 - 2012-11-17 12:27 - 00001259 ____A C:\Users\csplummer\Desktop\AVS4YOU Software Navigator.lnk
2012-11-17 12:27 - 2012-11-17 12:27 - 00000885 ____A C:\Users\csplummer\Desktop\Audio Video Synchronizer.lnk
2012-11-17 12:27 - 2012-11-17 12:27 - 00000000 ____D C:\Program Files (x86)\avsync
2012-11-17 12:24 - 2012-11-17 12:24 - 00001167 ____A C:\Users\csplummer\Desktop\AVS Video Editor.lnk
2012-11-17 12:22 - 2012-11-17 12:27 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2012-11-17 12:22 - 2011-09-16 15:00 - 11137024 ____A (Intel Corporation) C:\Windows\SysWOW64\libmfxsw32.dll
2012-11-17 12:22 - 2011-06-23 10:26 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2012-11-17 12:22 - 2011-06-23 10:25 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2012-11-17 11:30 - 2012-11-17 14:52 - 00000000 ____D C:\Program Files (x86)\GoldWave
2012-11-17 11:30 - 2012-11-17 11:30 - 00000748 ____A C:\Users\csplummer\Desktop\GoldWave.lnk
2012-11-17 11:10 - 2012-11-17 11:10 - 00000000 ____D C:\Users\csplummer\AppData\Local\ezvid,_inc
2012-11-17 11:04 - 2012-11-17 11:14 - 00005120 ____A C:\Users\csplummer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-17 11:03 - 2012-11-17 11:07 - 00000000 ____D C:\Users\csplummer\Documents\ezvid
2012-11-17 11:03 - 2012-11-17 11:03 - 00047758 ____A C:\Windows\unins000.dat
2012-11-17 11:03 - 2012-11-17 11:03 - 00011273 ____A C:\Windows\unins000.msg
2012-11-17 11:03 - 2012-11-17 11:03 - 00001789 ____A C:\Users\Public\Desktop\ezvid.lnk
2012-11-17 11:03 - 2012-11-17 11:03 - 00000000 ____D C:\Program Files (x86)\ezvid
2012-11-17 11:03 - 2012-11-17 11:01 - 00745016 ____A C:\Windows\unins000.exe
2012-11-17 11:03 - 2012-09-16 12:14 - 02287504 ____A (VisioForge) C:\Windows\SysWOW64\VisioForge_Video_Resize.ax
2012-11-17 11:03 - 2012-09-16 12:14 - 01727888 ____A (VisioForge) C:\Windows\SysWOW64\VisioForge_Video_Mixer.ax
2012-11-17 11:03 - 2012-09-16 12:14 - 00175504 ____A (VisioForge) C:\Windows\SysWOW64\VisioForge_MediaBridge_WPF_35.ax
2012-11-17 11:03 - 2012-09-16 12:14 - 00155024 ____A C:\Windows\SysWOW64\VisioForge_RGB2YUV.ax
2012-11-17 11:03 - 2012-09-16 12:14 - 00143248 ____A C:\Windows\SysWOW64\VisioForge_YUV2RGB.ax
2012-11-17 11:03 - 2012-09-16 12:14 - 00138640 ____A (VisioForge) C:\Windows\SysWOW64\VisioForge_Dump.ax
2012-11-17 11:03 - 2012-09-16 12:14 - 00121232 ____A (VisioForge) C:\Windows\SysWOW64\VisioForge_Screen_Capture.ax
2012-11-17 11:03 - 2011-12-07 17:32 - 00216064 ____A ( ) C:\Windows\SysWOW64\LAGARITH.DLL
2012-11-16 20:13 - 2012-11-17 08:19 - 00000000 ____D C:\Users\csplummer\AppData\Local\{979E77F9-BD84-4176-82A9-4994BE68B682}
2012-11-16 05:02 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-16 05:01 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-16 05:01 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-16 05:01 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-16 04:53 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-16 04:53 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-16 04:53 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-16 04:53 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-16 04:53 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-16 04:53 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-16 04:53 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-16 04:53 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-16 04:53 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-16 04:53 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-16 04:53 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-16 04:53 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-16 04:53 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-16 04:53 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-16 04:53 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-16 04:53 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-16 04:53 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-16 04:53 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-16 04:53 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-16 04:53 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-16 04:53 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-16 04:53 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-16 04:53 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-16 04:53 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-16 04:53 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-16 04:53 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-16 04:53 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-16 04:53 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-16 04:53 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-16 04:53 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-16 04:53 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-16 04:53 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-16 04:52 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-16 04:52 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-16 04:52 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-16 04:52 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-16 04:52 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 04:52 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-16 04:52 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-16 04:52 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 20:05 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 20:05 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 20:05 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 20:05 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 20:05 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 20:05 - 2012-05-31 21:36 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\iisRtl.dll
2012-11-14 20:04 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 20:04 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 20:04 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 20:04 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 20:04 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 20:04 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 20:04 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 20:04 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 20:04 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 20:04 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 20:04 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 20:04 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 20:04 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 20:04 - 2012-05-31 21:39 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\wamregps.dll
2012-11-14 20:04 - 2012-05-31 21:36 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\iisrstap.dll
2012-11-14 20:04 - 2012-05-31 21:35 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ahadmin.dll
2012-11-14 20:04 - 2012-05-31 21:34 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\admwprox.dll
2012-11-14 20:04 - 2012-05-31 21:33 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\iisreset.exe
2012-11-14 20:04 - 2012-05-31 20:40 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2012-11-14 20:04 - 2012-05-31 20:37 - 00154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2012-11-14 20:04 - 2012-05-31 20:37 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2012-11-14 20:04 - 2012-05-31 20:35 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2012-11-14 20:04 - 2012-05-31 20:35 - 00026624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2012-11-14 20:04 - 2012-05-31 20:34 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2012-11-14 20:04 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll


==================== One Month Modified Files and Folders =======

2012-12-14 10:56 - 2012-12-14 10:56 - 00000000 ____D C:\FRST
2012-12-14 09:22 - 2012-12-14 09:22 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-12-14 06:54 - 2012-12-14 06:54 - 00000004 ____A C:\Users\All Users\Brightness.ini
2012-12-14 06:54 - 2009-09-16 17:45 - 00011424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-14 06:54 - 2009-09-16 17:45 - 00011424 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-14 06:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2012-12-14 06:53 - 2011-05-04 11:48 - 00000000 ____D C:\Users\csplummer\Tracing
2012-12-14 06:52 - 2010-02-16 19:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-14 06:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-14 06:50 - 2009-07-13 20:51 - 00547487 ____A C:\Windows\setupact.log
2012-12-14 06:49 - 2009-09-16 18:00 - 01471475 ____A C:\Windows\WindowsUpdate.log
2012-12-14 06:45 - 2012-11-06 21:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-14 06:45 - 2009-09-21 14:06 - 00001786 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-12-14 06:44 - 2009-07-13 21:13 - 00945502 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-14 06:41 - 2010-11-03 14:31 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1571819242-833940851-1144982973-1000UA.job
2012-12-14 06:08 - 2012-12-14 06:07 - 00000000 ____D C:\Users\csplummer\AppData\Local\{156B1488-8E52-464D-9D60-C865964EB378}
2012-12-14 06:06 - 2012-11-07 15:11 - 00000000 ____D C:\Users\csplummer\AppData\Local\MainConcept (Consumer)
2012-12-14 06:05 - 2011-05-04 11:48 - 00000000 ____D C:\users\csplummer
2012-12-13 15:32 - 2011-07-14 06:36 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763098176-2244193755-1543894109-1120UA.job
2012-12-13 15:12 - 2011-09-19 14:26 - 00000000 ____D C:\Program Files (x86)\HomeSeer HSPRO
2012-12-11 22:19 - 2010-02-16 19:28 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-11 13:32 - 2011-07-14 06:36 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3763098176-2244193755-1543894109-1120Core.job
2012-12-11 13:32 - 2010-11-03 14:31 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1571819242-833940851-1144982973-1000Core.job
2012-12-11 01:09 - 2011-05-04 11:48 - 00000000 ____D C:\users\geplummer
2012-12-11 01:09 - 2011-05-04 11:46 - 00000000 ____D C:\users\cmplummer.STRATCENTER
2012-12-11 01:09 - 2011-05-04 10:51 - 00000000 ____D C:\users\Administrator.STRATCENTER
2012-12-11 01:09 - 2011-03-18 08:21 - 00000000 ____D C:\users\DefaultAppPool
2012-12-11 01:09 - 2010-01-12 04:00 - 00000000 ____D C:\users\Administrator
2012-12-11 01:09 - 2009-12-05 08:33 - 00000000 ____D C:\users\Catherine
2012-12-11 01:09 - 2009-12-05 08:25 - 00000000 ____D C:\users\Grace
2012-12-11 01:09 - 2009-10-18 06:55 - 00000000 ____D C:\users\Kitchen
2012-12-11 01:09 - 2009-10-17 08:15 - 00000000 ____D C:\users\Classic .NET AppPool
2012-12-11 01:09 - 2009-09-16 17:46 - 00000000 ____D C:\users\Carolyn
2012-12-11 01:08 - 2012-12-09 19:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-11 01:08 - 2012-04-08 12:12 - 00000000 ____D C:\Program Files (x86)\VeryPDF PDF2Image v2.1
2012-12-11 01:08 - 2010-05-17 08:30 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-12-11 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2012-12-11 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2012-12-11 01:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-12-11 00:54 - 2009-09-16 19:47 - 00000000 __RHD C:\MSOCache
2012-12-10 22:11 - 2012-12-10 22:11 - 00293296 ____A C:\Windows\Minidump\121112-31543-01.dmp
2012-12-10 22:11 - 2011-02-16 05:40 - 631251640 ____A C:\Windows\MEMORY.DMP
2012-12-10 22:11 - 2009-11-14 14:32 - 00000000 ____D C:\Windows\Minidump
2012-12-10 20:47 - 2011-05-04 15:36 - 00000000 ____D C:\Users\csplummer\Documents\Outlook Files
2012-12-10 20:06 - 2011-05-04 10:57 - 00000144 ____A C:\Windows\System32\config\netlogon.ftl
2012-12-10 17:30 - 2012-12-08 18:26 - 00000000 ____D C:\Users\All Users\WRData
2012-12-10 15:40 - 2012-12-10 15:40 - 00000000 ____D C:\Users\csplummer\AppData\Local\{7662AE7B-A20A-4D0B-A953-B62AB3AB7703}
2012-12-10 03:39 - 2012-12-10 03:39 - 00000000 ____D C:\Users\csplummer\AppData\Local\{FF457B6E-32DD-47D2-AAD9-916EF4DB6ECC}
2012-12-09 20:16 - 2012-09-11 17:10 - 00000000 ____D C:\Grace
2012-12-09 19:58 - 2012-12-09 19:58 - 00000000 ____D C:\Users\csplummer\AppData\Roaming\Malwarebytes
2012-12-09 19:57 - 2012-12-09 19:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-09 17:39 - 2012-02-04 09:15 - 00000000 ____D C:\Users\csplummer\Documents\Grace
2012-12-09 15:39 - 2012-12-09 15:39 - 00000000 ____D C:\Users\csplummer\AppData\Local\{4EFD24D1-6191-49BC-AF19-CE82C07ADE4B}
2012-12-08 21:07 - 2012-12-08 21:07 - 00287984 ____A C:\Windows\Minidump\120912-37721-01.dmp
2012-12-08 18:26 - 2012-12-08 18:26 - 00000000 ____D C:\Program Files\Webroot
2012-12-08 13:46 - 2012-12-08 13:45 - 00000000 ____D C:\Users\csplummer\AppData\Local\{61C3221B-C9F1-42BE-ADD8-4A47ED67FB01}
2012-12-08 10:56 - 2011-07-09 06:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-08 09:26 - 2009-09-26 11:22 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-12-08 07:23 - 2011-09-18 23:36 - 00057856 ____A C:\Windows\RemComSvc.exe
2012-12-07 17:53 - 2012-12-07 17:52 - 00000000 ____D C:\Users\csplummer\AppData\Local\{4E456301-742F-4E74-8F88-AF3A41F352D7}
2012-12-07 07:35 - 2010-01-06 09:35 - 00000000 ____D C:\Carolyn
2012-12-07 04:13 - 2012-12-07 04:13 - 00000000 ____D C:\Users\csplummer\AppData\Local\{AFB0B33B-9AE7-4134-B0BE-E396F91B2020}
2012-12-06 13:12 - 2011-05-04 11:55 - 00000000 ____D C:\Users\csplummer\AppData\Local\WeatherBug
2012-12-06 09:25 - 2009-09-16 17:57 - 00506288 ____A C:\Windows\PFRO.log
2012-12-06 08:54 - 2012-12-04 08:43 - 00000000 ____D C:\Users\csplummer\AppData\Local\{2C7697F2-77EA-4759-A86C-DA9CE9F3FB3B}
2012-12-03 08:57 - 2012-12-02 20:39 - 00000000 ____D C:\Users\csplummer\AppData\Local\{495B5853-13B0-4826-976C-AC124808A1F9}
2012-12-02 08:39 - 2012-12-01 18:34 - 00000000 ____D C:\Users\csplummer\AppData\Local\{BFB0D884-E4EA-46CB-A43B-BDD1605BE5FD}
2012-12-01 19:36 - 2012-03-03 20:04 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-12-01 16:51 - 2009-07-13 23:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-12-01 14:08 - 2012-12-01 14:08 - 01629968 ____A C:\Windows\Minidump\120112-29016-01.dmp
2012-12-01 08:52 - 2012-11-30 20:52 - 00000000 ____D C:\Users\csplummer\AppData\Local\{3696508A-A4F1-4C2E-B4D8-88D742BAC78B}
2012-11-30 08:52 - 2012-11-24 18:25 - 00000000 ____D C:\Users\csplummer\AppData\Local\{7580E35C-5B22-4729-B14B-E12DF863A9B6}
2012-11-28 19:40 - 2011-05-08 10:55 - 00000000 ____D C:\Windows\Offline Address Books
2012-11-26 09:21 - 2010-05-17 08:22 - 00000404 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-11-20 20:21 - 2012-11-20 20:21 - 00000000 ____D C:\Users\csplummer\AppData\Local\{4C73B4D5-DAFC-4E76-AC34-A0F2AF3E5799}
2012-11-20 08:21 - 2012-11-18 08:20 - 00000000 ____D C:\Users\csplummer\AppData\Local\{605023F4-EC14-45BA-A0FD-4758C873ACA4}
2012-11-19 20:21 - 2012-11-19 20:21 - 00000000 ____D C:\Users\csplummer\AppData\Local\{8798E914-1B8F-4899-91A3-25CC11D7981B}
2012-11-18 14:30 - 2011-05-04 11:49 - 00000000 ____D C:\Users\csplummer\AppData\Roaming\Apple Computer
2012-11-17 20:20 - 2012-11-17 20:19 - 00000000 ____D C:\Users\csplummer\AppData\Local\{77714EDE-6584-478A-BABD-B088126D2D25}
2012-11-17 14:52 - 2012-11-17 11:30 - 00000000 ____D C:\Program Files (x86)\GoldWave
2012-11-17 14:16 - 2009-07-13 20:45 - 00472896 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-17 12:29 - 2012-11-17 12:29 - 00000000 ____D C:\Users\All Users\AVS4YOU
2012-11-17 12:28 - 2012-11-17 12:28 - 00000000 ____D C:\Users\csplummer\AppData\Roaming\AVS4YOU
2012-11-17 12:27 - 2012-11-17 12:27 - 00001259 ____A C:\Users\csplummer\Desktop\AVS4YOU Software Navigator.lnk
2012-11-17 12:27 - 2012-11-17 12:27 - 00000885 ____A C:\Users\csplummer\Desktop\Audio Video Synchronizer.lnk
2012-11-17 12:27 - 2012-11-17 12:27 - 00000000 ____D C:\Program Files (x86)\avsync
2012-11-17 12:27 - 2012-11-17 12:22 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2012-11-17 12:25 - 2009-09-16 18:09 - 00133904 ____A C:\Users\Carolyn\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 12:24 - 2012-11-17 12:24 - 00001167 ____A C:\Users\csplummer\Desktop\AVS Video Editor.lnk
2012-11-17 11:30 - 2012-11-17 11:30 - 00000748 ____A C:\Users\csplummer\Desktop\GoldWave.lnk
2012-11-17 11:14 - 2012-11-17 11:04 - 00005120 ____A C:\Users\csplummer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-17 11:10 - 2012-11-17 11:10 - 00000000 ____D C:\Users\csplummer\AppData\Local\ezvid,_inc
2012-11-17 11:07 - 2012-11-17 11:03 - 00000000 ____D C:\Users\csplummer\Documents\ezvid
2012-11-17 11:03 - 2012-11-17 11:03 - 00047758 ____A C:\Windows\unins000.dat
2012-11-17 11:03 - 2012-11-17 11:03 - 00011273 ____A C:\Windows\unins000.msg
2012-11-17 11:03 - 2012-11-17 11:03 - 00001789 ____A C:\Users\Public\Desktop\ezvid.lnk
2012-11-17 11:03 - 2012-11-17 11:03 - 00000000 ____D C:\Program Files (x86)\ezvid
2012-11-17 11:01 - 2012-11-17 11:03 - 00745016 ____A C:\Windows\unins000.exe
2012-11-17 08:19 - 2012-11-16 20:13 - 00000000 ____D C:\Users\csplummer\AppData\Local\{979E77F9-BD84-4176-82A9-4994BE68B682}
2012-11-16 20:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-16 05:24 - 2009-10-17 08:14 - 00076812 ____A C:\Windows\iis7.log
2012-11-16 05:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2012-11-16 05:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-16 05:08 - 2009-09-16 19:47 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 04:51 - 2006-11-02 04:34 - 00000379 ____A C:\Windows\win.ini
2012-11-16 04:46 - 2011-05-04 11:48 - 00000000 ____D C:\Users\csplummer\Documents\Catherine
2012-11-16 04:33 - 2012-11-07 04:10 - 00000000 ____D C:\Users\csplummer\AppData\Local\{8CB691ED-30EE-4AC3-ABDE-E759B7C931C1}

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-04 21:04:25
Restore point made on: 2012-12-08 06:38:41
Restore point made on: 2012-12-08 11:49:13
Restore point made on: 2012-12-10 04:29:27
Restore point made on: 2012-12-10 05:07:16
Restore point made on: 2012-12-10 17:31:45
Restore point made on: 2012-12-10 22:13:12
Restore point made on: 2012-12-11 14:43:51
Restore point made on: 2012-12-13 15:14:21

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4095.16 MB
Available physical RAM: 3490.8 MB
Total Pagefile: 4093.3 MB
Available Pagefile: 3481.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:581.03 GB) (Free:160.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:15.14 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (WDO_Media64) (Removable) (Total:0.94 GB) (Free:0.91 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 967 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 581 GB 31 KB
Partition 2 Primary 15 GB 581 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 581 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 15 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 966 MB 64 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WDO_Media64 NTFS Removable 966 MB Healthy

=========================================================

Last Boot: 2012-12-08 14:11

==================== End Of Log =============================

Edited by lifenomad, 14 December 2012 - 11:19 AM.
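The log above lists C:\Windows\svchost.exe under "Check for possible partition/boot infection", and the Fixlog later in the thread moves that file; Windows installs a binary of that name only under System32 and SysWOW64 (both show "MD5 is legit" in the Bamital check above). The script below is an added example, not part of FRST, ListParts or this log: it parses FRST "Created/Modified Files and Folders" lines and reports known system-binary names found outside their expected directories. The EXPECTED_DIRS allow-list and SAMPLE_LINES are constructed for the example, modelled on the log entries above.

```python
"""Flag known Windows system-binary names that appear outside their
expected directories in FRST 'Created/Modified Files and Folders' lines.

Added example for this thread; not part of FRST or ListParts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One FRST file-list entry:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# e.g. 2012-12-01 14:09 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Directories Windows (x64 layout) installs these binaries to. Constructed,
# deliberately short allow-list for the example; extend it for real use.
EXPECTED_DIRS: Dict[str, Tuple[str, ...]] = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "services.exe": (r"c:\windows\system32",),
    "winlogon.exe": (r"c:\windows\system32",),
    "userinit.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "explorer.exe": (r"c:\windows", r"c:\windows\syswow64"),
}


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str          # five-character flag field, e.g. ____A, ____D, __ASH
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-list line; return None for headers, blanks, etc."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "( )" means no version info
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=company,
        path=m.group("path"),
    )


def is_misplaced(entry: Entry) -> bool:
    """True when the file name is a known system binary but its parent
    directory is not one Windows installs it to."""
    if entry.attrs.endswith("D"):        # directory entry, not a file
        return False
    parent, _, name = entry.path.lower().rpartition("\\")
    allowed = EXPECTED_DIRS.get(name)
    return allowed is not None and parent not in allowed


def scan(lines: List[str]) -> List[Entry]:
    """Return the entries in a log excerpt that fail the location check."""
    entries = (parse_line(line) for line in lines)
    return [e for e in entries if e is not None and is_misplaced(e)]


# Constructed sample, modelled on the log in this thread: line 1 is the entry
# FRST flagged, lines 2-4 are benign, line 5 is a made-up misplaced copy.
SAMPLE_LINES = r"""
2012-12-01 14:09 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-16 05:01 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-17 11:03 - 2011-12-07 17:32 - 00216064 ____A ( ) C:\Windows\SysWOW64\LAGARITH.DLL
2012-12-09 19:57 - 2012-12-11 01:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-03 08:11 - 2012-12-03 08:11 - 00020480 ____A (Microsoft Corporation) C:\Users\example\AppData\Local\Temp\explorer.exe
""".strip().splitlines()


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(f"misplaced system binary: {hit.path} (created {hit.created}, "
              f"company={hit.company!r})")
```

A location check like this only complements the MD5 verification FRST performs; a file in the right directory can still be tampered with, which is what the "MD5 is legit" lines cover.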


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:06 AM

Posted 14 December 2012 - 12:20 PM

Hello lifenomad,

Welcome to the forum.

We will remove the infection, boot normally and bring the system back to full functionality. Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

  • Please download Listparts and save it to your flash drive. You have the x64 version.
  • Download the attached file fixlist.txt and save it to your flash drive.
  • Please download the attached file fix.txt and save it to your flash drive.
  • Boot to System Recovery Options and select "Command Prompt".
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it later in your reply. You may close the tool.
  • While still in the recovery environment, run ListParts by typing g:\listparts64 in the command prompt and pressing Enter.
    Click Fix. Close the pop-up after the fix is done.
  • Please restart, let it boot normally and tell me how it went.


#3 lifenomad

lifenomad
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:06 PM

Posted 14 December 2012 - 02:24 PM

Thank you so much Farbar! The computer is now booting up to the desktop!

As an IT consultant for over 5 years now, I have worked on numerous PCs infected with viruses. However, this last batch of viruses that affects the MBR has been a real hassle. This is now the 3rd computer in just the past few months that I have seen that was not able to boot after either running Combofix or the TDSS utilities.

From reading the other articles I had a feeling as to what the fixlist.txt was going to look like. However, I am very curious as to what exactly the other fix.txt and listparts.exe were doing. It seems that you were causing the primary partition to go inactive and active a few times. Very interested in how this helps.

I know that I will be seeing more of these types of issues in the near future, and I am very interested in gaining an understanding as to how the Farbar utility is fixing these certain items to allow for a system to boot.

I have another laptop exhibiting this same issue that I would really like to get working also.

Looking forward to your advice, and if there are any other next steps you would like me to take.

Listparts Log:
ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 14-12-2012 at 13:45:12
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4095.16 MB
Available physical RAM: 3631.59 MB
Total Pagefile: 4093.3 MB
Available Pagefile: 3606.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:581.03 GB) (Free:160.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:15.14 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (WDO_Media64) (Removable) (Total:0.94 GB) (Free:0.91 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 967 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 581 GB 31 KB
Partition 2 Primary 15 GB 581 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C HP NTFS Partition 581 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D FACTORY_IMA NTFS Partition 15 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 966 MB 64 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WDO_Media64 NTFS Removable 966 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


****** End Of Log ******

Results of Fixes:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-14 13:50:04 Run:1
Running from G:\

==============================================

C:\Windows\svchost.exe moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

Script used: "Disk=0 Partition=1 inactive"
Script used: "Disk=0 Partition=1 active"
Script used: "Disk=0 Partition=1 inactive"
Script used: "Disk=0 Partition=1 active"
Script used: "custom"

An error occurred while attempting to delete the specified data element.
Element not found.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:06 AM

Posted 14 December 2012 - 05:26 PM

Great. :thumbup2:

I appreciate your comment and interest about the inner working of the tools. This is something that we might not address in open forums. :)

I have another laptop exhibiting this same issue that I would really like to get working also.

You can start a topic for that one too.

Knowing that you are an IT consultant you might be able to do the rest. In case you need assistance to do the rest please let me know.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:06 AM

Posted 19 December 2012 - 06:28 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.
