MSE will not complete full scan & other help programs don't seem to work


  • This topic is locked
230 replies to this topic

#1 sleepyjeen

sleepyjeen

  • Members
  • 154 posts

Posted 09 February 2013 - 06:01 PM

http://www.bleepingcomputer.com/forums/t/484642/microsoft-security-essentials-hung-up/ This link refers to the topic I had posted and was getting help. He referred me to here for further assistance. Some of the programs he had me try to run did not work on my computer. Windows 7 Home Premium X64. Below please find the DDS Log txt.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by jeen at 16:51:55 on 2013-02-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8187.6446 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\1st Clock\1stClock.exe
C:\Program Files (x86)\MiniMind\MiniMind.exe
C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\1st Clock\ClockApi64.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [GBTUpd] C:\Program Files (x86)\gigabyte\GBTUpd\PreRun.exe
StartupFolder: C:\Users\jeen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\1STCLO~1.LNK - C:\Program Files (x86)\1st Clock\1stClock.exe
StartupFolder: C:\Users\jeen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MINIMI~1.LNK - C:\Program Files (x86)\MiniMind\MiniMind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~2.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{55011528-03DA-4F4E-8170-1823826FBF09} : DHCPNameServer = 97.64.183.164 97.64.209.37
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-9 22568]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-30 53488]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-30 219360]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 GPAdjustTimeService;1st Clock Adjust Time Service;C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [2012-10-27 467968]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-8 24635]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-3-30 27136]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-3-30 114688]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-30 239616]
R3 TotRec7;Total Recorder WDM audio driver;C:\Windows\System32\drivers\TotRec7.sys [2010-3-3 183888]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2010-4-1 121936]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AODDriver;AODDriver;C:\Program Files (x86)\gigabyte\ET6\amd64\AODDriver.sys [2009-2-22 52280]
S3 atidgllk;atidgllk;C:\Program Files (x86)\gigabyte\ET6\atidgllk.sys [2006-7-19 12048]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-3-30 30528]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-4-7 19912]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-4-7 13264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-30 50688]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-3-30 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-30 50688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-8 1255736]
.
=============== Created Last 30 ================
.
2013-02-09 22:21:31 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-09 22:21:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-09 22:21:28 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-09 22:12:03 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{075938A1-0543-4BEB-A314-25133BC43CDC}\mpengine.dll
2013-02-09 21:56:40 -------- d-----w- C:\JRT
2013-02-09 21:36:37 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-09 13:45:03 -------- d-----w- C:\Program Files (x86)\ESET
2013-02-08 21:35:11 -------- d-----w- C:\components
2013-02-08 20:49:43 -------- d-----w- C:\ProgramData\Strongvault Online Backup
2013-02-08 20:49:36 -------- d-sh--w- C:\AI_RecycleBin
2013-02-08 16:20:33 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B94754D2-566F-4693-9547-49B42B45AB8F}\gapaengine.dll
2013-02-08 16:20:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-02-08 16:20:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-02-07 22:50:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-01-24 12:22:29 -------- d-----w- C:\Program Files (x86)\URE
2013-01-24 12:22:28 -------- d-----w- C:\Program Files (x86)\readmes
2013-01-24 12:22:25 -------- d-----w- C:\Program Files (x86)\share
2013-01-24 12:22:25 -------- d-----w- C:\Program Files (x86)\program
2013-01-24 12:22:25 -------- d-----w- C:\Program Files (x86)\Basis
2013-01-24 12:09:29 -------- d-----w- C:\Users\jeen\AppData\Local\Secunia PSI
.
==================== Find3M  ====================
.
2013-02-09 22:17:57 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-09 22:17:57 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-08 03:23:31 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 03:23:31 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-05 17:22:08 50800 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-12-28 02:04:46 1901 ----a-w- C:\Windows\panose.bin
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:52:10.75 ===============
 


#2 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,053 posts

Posted 13 February 2013 - 11:37 AM

Hello User,

Welcome to Bleeping Computer! My name is whoabuddy and I will be assisting you today. Before we get started, please keep the following in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Also watch for items italicized in green, these entries are notes to help explain the process or common occurrences.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of headaches as we go along. For more information about backing up your system, please review the links in the first item of the Malware Removal Preparation Guide.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to look over your logs and I will get back to you as soon as possible.

Best Regards,
whoabuddy


Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#3 sleepyjeen

sleepyjeen
  • Topic Starter

  • Members
  • 154 posts

Posted 13 February 2013 - 01:51 PM

Thank you for your response.  I have done the Cobian backup.  I have been doing backups through the windows 7 program on to my external drive but it does not always work completely so I have copied and pasted much of what I think is the most important.



#4 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,053 posts

Posted 13 February 2013 - 02:10 PM

Hi sleepyjeen,

No problem, I am happy to help! That's great you've taken the steps to do your backup, I believe it's good to always have your data in two places. After reviewing all of your logs I would like to run an additional scan to get some more information, and I have a few things I would like to share with you as well.

Do you recognize the Browser Configuration Utility? This is from your motherboard manufacturer GIGABYTE and controls search engine preferences. If you're not using it we can remove it.

Do you recognize the ErrorTeck PC Optimization program? This is from errorteck.com and advertised as a registry cleaner, please be careful with this type of software as it usually causes more problems than it fixes, more info can be found below:

NOTE: Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Are you having any other issues with the PC? I can see we've done a lot so far and the original issue was MSE would not complete a full scan - is there anything else you are having trouble with?

We need to run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer

  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
  • Note:
    • If you encounter any problems, try running GMER in Safe Mode
    • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

In your next post I need the following:
  • gmer.log from GMER scan
  • Status Update (from questions in beginning)

Best Regards,
whoabuddy

edited 02132013 11:11am to fix list of required logs at end

Edited by whoabuddy, 13 February 2013 - 02:11 PM.


#5 sleepyjeen

Posted 13 February 2013 - 07:12 PM

What a nightmare!  So frustrating!

1.  I do not know what the Browser Configuration Utility is and I don't believe I have ever used it.

2.  I do not know what the ErrorTeck PC Optimization program is and I don't think I have used it.

3.  I ran GMER program and had it running for 3 hours and it finally occurred to me that it must not be working so I ran it in safe mode.  I did it several times and each time it stopped at the following:

DLL:C:\Programfiles\microsoft security client\MSMPEng.exe@C:\ProgramData\microsoft\microsoftantimalware\definitionupdates\(70B99871-3D1D-4302-B9AE-70A72CB0B917)mpengine.dll

When it stopped at this it told me this was an error and that the program had to close.

4.  Below are the OTL logs you wanted and I have to tell you that several times this came up:  There is no disk in the drive  Please insert a disk into drive \device\harddisk8\DR8

I hit cancel when that would come up and it did finish scanning.  Below are the logs.

OTL logfile created on: 2/13/2013 5:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jeen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.15% Memory free
15.99 Gb Paging File | 14.32 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 498.51 Gb Total Space | 417.05 Gb Free Space | 83.66% Space Free | Partition Type: NTFS
Drive K: | 146.48 Gb Total Space | 146.18 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive L: | 146.48 Gb Total Space | 116.77 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive M: | 146.48 Gb Total Space | 135.37 Gb Free Space | 92.41% Space Free | Partition Type: NTFS
Drive N: | 156.71 Gb Total Space | 152.63 Gb Free Space | 97.40% Space Free | Partition Type: NTFS
Drive P: | 97.65 Gb Total Space | 97.36 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
Drive Q: | 930.86 Gb Total Space | 540.09 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
 
Computer Name: JEEN-PC | User Name: jeen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/13 17:50:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jeen\Downloads\OTL.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/11/09 11:48:14 | 002,978,816 | ---- | M] (Green Parrots Software) -- C:\Program Files (x86)\1st Clock\1stClock.exe
PRC - [2009/11/09 11:48:08 | 000,467,968 | ---- | M] (Green Parrots Software) -- C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
PRC - [2009/10/13 14:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/10/13 14:38:10 | 001,003,520 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\gigabyte\smart6\timelock\AlarmClock.exe
PRC - [2009/10/05 12:01:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2009/09/25 08:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/04 15:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 15:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/08 18:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2008/11/07 08:10:24 | 000,262,144 | ---- | M] (Vellosoft) -- C:\Program Files (x86)\MiniMind\MiniMind.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/30 16:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2002/10/05 23:46:48 | 000,376,832 | ---- | M] () -- C:\Windows\SysWOW64\actskin4.ocx
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/27 20:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/09 12:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/07 21:23:34 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/11/12 12:11:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 11:48:08 | 000,467,968 | ---- | M] (Green Parrots Software) [Auto | Running] -- C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe -- (GPAdjustTimeService)
SRV - [2009/10/13 14:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/10/05 12:01:30 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009/08/04 15:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/04/08 18:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/26 06:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 22:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/27 22:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 19:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/03 16:14:16 | 000,121,936 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec8.sys -- (TotRec8)
DRV:64bit: - [2010/03/03 16:14:06 | 000,183,888 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TotRec7.sys -- (TotRec7)
DRV:64bit: - [2009/12/21 19:39:48 | 000,019,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2009/12/21 19:39:44 | 000,013,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2009/11/24 21:18:54 | 000,114,176 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/09 16:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/09/25 08:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 08:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/20 10:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/13 02:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/19 20:27:34 | 000,027,136 | R--- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/05 21:14:06 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2009/04/05 21:14:06 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/08/31 12:15:34 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2007/08/08 10:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2007/06/21 15:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2007/06/21 15:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2007/06/21 15:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emScan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012/08/26 06:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/07/21 08:03:06 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/08/02 05:40:44 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2010/03/31 11:50:56 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/07/19 10:25:10 | 000,012,048 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\gigabyte\ET6\atidgllk.sys -- (atidgllk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm003YYus&ptb=041806F4-4A97-4DC7-BD79-F04413DFC063&psa=&ind=2011032017&ptnrS=XMxdm003YYus&si=&st=sb&n=77dde9d1&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HI^xdm002^YY^us&si=CNXO-Znu4bQCFYYWMgodzUwALg&ptb=50945386-2C87-4DA0-A562-0DB5BA36CDFC&ind=2013011122&n=77fc1cb2&psa=&st=sb&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BD52758F-A336-4fe7-96D2-BA85B211D91C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HI^xdm002^YY^us&si=CNXO-Znu4bQCFYYWMgodzUwALg&ptb=50945386-2C87-4DA0-A562-0DB5BA36CDFC&ind=2013011122&n=77fc1cb2&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{A6C90DF1-2EF2-407A-96F4-0C5BDEE87FC0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN43263658200391912&SSPV=SP_IEWSP06
IE - HKCU\..\SearchScopes\{BD52758F-A336-4fe7-96D2-BA85B211D91C}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{F2881082-D69E-4919-9096-520A6D991839}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{FC836275-18A7-4d80-A14D-3EF87563E7D6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jeen\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jeen\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2012/01/30 18:26:02 | 000,000,000 | ---D | M]
 
[2012/10/25 19:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeen\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/10/25 18:52:01 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\jeen\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi
[2012/10/13 11:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\jeen\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/10/25 19:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan File not found
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - Startup: C:\Users\jeen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1st Clock.lnk = C:\Program Files (x86)\1st Clock\1stClock.exe (Green Parrots Software)
O4 - Startup: C:\Users\jeen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MiniMinder.lnk = C:\Program Files (x86)\MiniMind\MiniMind.exe (Vellosoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55011528-03DA-4F4E-8170-1823826FBF09}: DhcpNameServer = 97.64.183.164 97.64.209.37
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/21 16:19:45 | 000,000,000 | R--D | M] - L:\AUTOSAVE1 -- [ NTFS ]
O32 - AutoRun File - [2012/10/21 16:19:45 | 000,000,006 | ---- | M] () - L:\autosave1.stx -- [ NTFS ]
O33 - MountPoints2\{2006d84d-479e-11df-b0e6-6cf049093aa2}\Shell - "" = AutoRun
O33 - MountPoints2\{2006d84d-479e-11df-b0e6-6cf049093aa2}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{66d2f7d6-8c46-11e0-b129-6cf049093aa2}\Shell - "" = AutoRun
O33 - MountPoints2\{66d2f7d6-8c46-11e0-b129-6cf049093aa2}\Shell\AutoRun\command - "" = "O:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/13 11:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2013/02/13 11:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2013/02/11 06:37:43 | 000,000,000 | ---D | C] -- C:\MATS
[2013/02/10 21:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2013/02/10 21:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2013/02/09 22:42:05 | 000,000,000 | ---D | C] -- C:\Users\jeen\Desktop\Faith Sunday school kids Old Testament resource 2_files
[2013/02/09 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\jeen\Desktop\Faith Sunday school kids Old Testament resource_files
[2013/02/09 16:21:31 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/02/09 16:21:31 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/02/09 16:21:31 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/02/09 16:21:28 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/02/09 16:21:28 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/02/09 16:21:28 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/02/09 16:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/02/09 15:56:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/09 07:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/02/08 16:27:05 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\adobe_creative_suite_cleaner_tool
[2013/02/08 15:35:11 | 000,000,000 | ---D | C] -- C:\components
[2013/02/08 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\georgekill
[2013/02/08 15:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/08 15:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013/02/08 14:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/08 14:49:36 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/08 14:46:32 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Add-in Express
[2013/02/08 13:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/08 10:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/02/08 10:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/02/08 09:36:58 | 011,195,496 | ---- | C] (OPSWAT, Inc.) -- C:\Users\jeen\Desktop\AppRemover.exe
[2013/02/07 16:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/01/30 20:40:56 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Unit-9-Clipart
[2013/01/30 20:40:06 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Unit-8-Clipart
[2013/01/30 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Easter-Clipart
[2013/01/24 08:53:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2013/01/24 07:23:48 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Photoshop_CS6_13_0_1_1_upd
[2013/01/24 06:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/01/24 06:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\URE
[2013/01/24 06:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\readmes
[2013/01/24 06:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\share
[2013/01/24 06:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\program
[2013/01/24 06:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Basis
[2013/01/24 06:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHP 5
[2013/01/24 06:09:29 | 000,000,000 | ---D | C] -- C:\Users\jeen\AppData\Local\Secunia PSI
[2013/01/17 23:28:38 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Sunday School Board
[2013/01/17 23:20:23 | 000,000,000 | ---D | C] -- C:\Users\jeen\Documents\Plagues
[2010/04/08 13:02:13 | 075,058,160 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\jeen\10-3_vista64_win7_64_dd_ccc_wdm_enu.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/13 17:55:42 | 000,023,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 17:55:42 | 000,023,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 17:55:26 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/13 17:55:26 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/13 17:55:26 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/13 17:48:40 | 000,073,472 | ---- | M] () -- C:\Windows\za_mv_raid.ev
[2013/02/13 17:48:40 | 000,000,096 | ---- | M] () -- C:\Windows\za_mv_seqnum.ev
[2013/02/13 17:48:37 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 17:48:36 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2013/02/13 17:48:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 17:48:04 | 2143,789,055 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 17:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 17:00:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/13 16:42:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1420414889-2338875233-2904267572-1001UA.job
[2013/02/13 13:47:48 | 000,365,402 | ---- | M] () -- C:\Users\jeen\Desktop\gmer.zip
[2013/02/12 23:42:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1420414889-2338875233-2904267572-1001Core.job
[2013/02/12 16:46:37 | 004,302,353 | ---- | M] () -- C:\Users\jeen\Documents\valentines-day-giveaway-book.pdf
[2013/02/11 21:23:23 | 000,000,497 | ---- | M] () -- C:\Users\jeen\Desktop\How to Backup Emails, Calendar, and Contacts from Outlook 2010 and Outlook 2007 - YouTube.url
[2013/02/11 21:06:18 | 000,001,879 | ---- | M] () -- C:\Users\jeen\Desktop\virtool-win32-obfuscator removal - Tech Support Guy Forums.url
[2013/02/11 08:46:04 | 000,003,722 | ---- | M] () -- C:\Users\jeen\Desktop\Errors in Event Viewer - Windows 7 Support Forums.url
[2013/02/11 07:03:05 | 000,000,226 | ---- | M] () -- C:\Users\jeen\Desktop\How To Fix 0X80070645 Error.url
[2013/02/11 06:39:55 | 000,000,299 | ---- | M] () -- C:\Users\jeen\Desktop\Fix problems with programs that can't be installed or uninstalled.url
[2013/02/10 20:37:45 | 000,000,327 | ---- | M] () -- C:\Users\jeen\Desktop\[dandee] Hearts Stitched Together  A Handmade Valentine..url
[2013/02/10 20:35:31 | 000,003,309 | ---- | M] () -- C:\Users\jeen\Desktop\Three Day Workout Tabatta method exercises  abc7chicago.com.url
[2013/02/09 22:43:07 | 000,002,069 | ---- | M] () -- C:\Users\jeen\Desktop\Kids Bible Crafts Jesus and New Testament Sunday School Activities, Lesson Resources.url
[2013/02/09 22:42:05 | 000,000,934 | ---- | M] () -- C:\Users\jeen\Desktop\Faith Sunday school kids Old Testament resource 2.htm
[2013/02/09 22:36:41 | 000,000,922 | ---- | M] () -- C:\Users\jeen\Desktop\Faith Sunday school kids Old Testament resource.htm
[2013/02/09 16:21:25 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/02/09 16:21:25 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/02/09 16:21:25 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/02/09 16:21:25 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/02/09 16:21:25 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/02/09 16:21:25 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/02/09 16:17:57 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/02/09 16:17:57 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/02/09 16:14:52 | 000,000,333 | ---- | M] () -- C:\Users\jeen\Desktop\Java SE Downloads.url
[2013/02/09 00:23:25 | 000,000,505 | ---- | M] () -- C:\Users\jeen\Desktop\Download Microsoft Security Essentials from Official Microsoft Download Center.url
[2013/02/08 20:43:09 | 000,002,409 | ---- | M] () -- C:\Users\jeen\Desktop\Microsoft Security Essentials hung up - BleepingComputer.com.url
[2013/02/08 19:23:11 | 000,000,271 | ---- | M] () -- C:\Users\jeen\Desktop\Free Online Virus Scanner  ESET.url
[2013/02/08 19:22:01 | 000,000,434 | ---- | M] () -- C:\Users\jeen\Desktop\MSE stops and sticks at - Microsoft Community (2).url
[2013/02/08 19:07:30 | 000,000,434 | ---- | M] () -- C:\Users\jeen\Desktop\MSE stops and sticks at - Microsoft Community.url
[2013/02/08 15:02:08 | 000,365,419 | ---- | M] () -- C:\Users\jeen\Documents\georgekill.7z
[2013/02/08 11:55:03 | 000,001,958 | ---- | M] () -- C:\Users\jeen\Desktop\Pinterest - Search results for valentines crafts.url
[2013/02/08 11:31:00 | 000,000,294 | ---- | M] () -- C:\Users\jeen\Desktop\http--media-cache-ec7.pinterest.com-originals-07-bf-d5-07bfd513a7147ff0a4b43f2f727c7d51.jpg.url
[2013/02/08 10:22:03 | 000,000,324 | ---- | M] () -- C:\Users\jeen\Desktop\Download Enhanced Internet Explorer 9.url
[2013/02/08 10:20:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/08 09:36:25 | 011,195,496 | ---- | M] (OPSWAT, Inc.) -- C:\Users\jeen\Desktop\AppRemover.exe
[2013/02/08 09:24:25 | 000,000,424 | ---- | M] () -- C:\Users\jeen\Desktop\MSE scan freeze on - Microsoft Community.url
[2013/02/07 22:17:34 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/07 21:23:31 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/07 21:23:31 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/07 20:53:12 | 000,510,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/07 12:54:33 | 000,000,472 | ---- | M] () -- C:\Users\jeen\Desktop\Full scan doesnt complete-stalls at a file - Microsoft Community.url
[2013/02/07 07:10:31 | 000,000,316 | ---- | M] () -- C:\Users\jeen\Desktop\Make a wall of paper hearts  How About Orange.url
[2013/02/05 13:27:35 | 000,000,874 | ---- | M] () -- C:\Users\jeen\Desktop\5 Foods To NEVER Eat  Beyond Diet.url
[2013/02/05 10:46:03 | 000,000,294 | ---- | M] () -- C:\Users\jeen\Desktop\http--audio2.duluthbible.org-sermons-media-06-10ei_mr_TopicID=14580&ei_mr_ResourceID=22459.url
[2013/02/04 21:39:31 | 000,000,256 | ---- | M] () -- C:\Users\jeen\Desktop\Precious Moments.url
[2013/02/04 21:39:12 | 000,000,284 | ---- | M] () -- C:\Users\jeen\Desktop\Christian Postcards, Christian Post Cards.url
[2013/02/03 22:09:09 | 000,499,766 | ---- | M] () -- C:\Users\jeen\Documents\1 Jesus is the answer postcard.jpg
[2013/02/03 22:08:46 | 000,136,080 | ---- | M] () -- C:\Users\jeen\Documents\Jesus is the answer postcard.jpg
[2013/02/03 21:57:04 | 000,365,311 | ---- | M] () -- C:\Users\jeen\Documents\1 Praise The Lord Anyhow postcard.jpg
[2013/02/03 21:56:33 | 000,113,940 | ---- | M] () -- C:\Users\jeen\Documents\Praise The Lord Anyhow postcard.jpg
[2013/02/03 21:27:54 | 000,967,344 | ---- | M] () -- C:\Users\jeen\Documents\Sunday School Lesson Activity 219 Moses Builds a Tablernacle in the Wilderness - Printable 3D Model Kit.pdf
[2013/02/02 22:53:51 | 000,064,865 | ---- | M] () -- C:\Users\jeen\Desktop\CD-268028-2T.jpg
[2013/02/02 20:17:20 | 000,002,771 | ---- | M] () -- C:\Users\jeen\Desktop\The Activity Mom Bible People (printable).url
[2013/02/02 20:15:43 | 023,157,986 | ---- | M] () -- C:\Users\jeen\Desktop\BGS_BibleCharacters_Medium.pdf
[2013/02/02 20:10:22 | 000,001,995 | ---- | M] () -- C:\Users\jeen\Desktop\Sunday school crafts-Ideas,Books.url
[2013/02/01 13:31:20 | 000,000,293 | ---- | M] () -- C:\Users\jeen\Desktop\American Girl Frequently Asked Doll Care Questions  American Girl®.url
[2013/01/31 11:48:22 | 000,000,183 | ---- | M] () -- C:\Users\jeen\Desktop\Buy Gold and Silver Bullion Coins Bars Online  Buying Liberty Gold Coins  Gold And Silver Online.url
[2013/01/29 09:07:40 | 000,800,736 | ---- | M] () -- C:\Users\jeen\Desktop\Rose_Bible_e-Charts_maps.pdf
[2013/01/27 20:55:42 | 000,000,168 | ---- | M] () -- C:\Users\jeen\Desktop\MarriageToday.url
[2013/01/26 23:04:24 | 000,003,104 | ---- | M] () -- C:\Users\jeen\Desktop\Ten Commandments File Folder Game (2).url
[2013/01/26 21:00:20 | 000,003,105 | ---- | M] () -- C:\Users\jeen\Desktop\Ten Commandments File Folder Game.url
[2013/01/26 13:49:26 | 000,021,432 | ---- | M] () -- C:\Users\jeen\Desktop\commandgame2.gif
[2013/01/26 12:50:53 | 000,069,248 | ---- | M] () -- C:\Users\jeen\Desktop\258464466084803054_0PxMClWL_c.jpg
[2013/01/26 07:10:17 | 000,000,220 | ---- | M] () -- C:\Users\jeen\Desktop\Dainty Jewell's  Modest Apparel for Today's Lady.url
[2013/01/26 07:08:50 | 000,098,508 | ---- | M] () -- C:\Users\jeen\Desktop\10Commandments-Kids-500x500.jpg
[2013/01/25 21:32:50 | 000,165,212 | ---- | M] () -- C:\Users\jeen\Desktop\autoplayhandlers_backup.reg
[2013/01/24 20:19:15 | 000,000,227 | ---- | M] () -- C:\Users\jeen\Desktop\Remote Access and Remote Desktop Software for Your Computer  LogMeIn.url
[2013/01/24 13:18:07 | 000,000,218 | ---- | M] () -- C:\Users\jeen\Desktop\Coin replicas of the Bible, coins and information from Whispering Dream Pewter, Bennington Vermont.url
[2013/01/23 19:58:50 | 000,001,996 | ---- | M] () -- C:\Users\jeen\Desktop\What Is a Chiropractic Activator.url
[2013/01/23 14:02:12 | 001,135,921 | ---- | M] () -- C:\Users\jeen\Desktop\The 3 dogs.jpg
[2013/01/23 13:59:41 | 000,701,569 | ---- | M] () -- C:\Users\jeen\Desktop\Daisy sleepying.jpg
[2013/01/23 13:57:36 | 001,007,090 | ---- | M] () -- C:\Users\jeen\Desktop\Daisy.jpg
[2013/01/23 11:52:26 | 000,031,767 | ---- | M] () -- C:\Users\jeen\Desktop\daisy and annie 2006.jpg
[2013/01/23 10:00:19 | 000,000,681 | ---- | M] () -- C:\Users\jeen\Desktop\The Country Cook Southern Pecan Praline Cake with Butter Sauce.url
[2013/01/22 14:53:38 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\ChurchTrac 9.lnk
[2013/01/22 14:53:38 | 000,000,942 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013/01/16 20:13:08 | 000,000,215 | ---- | M] () -- C:\Users\jeen\Desktop\Welcome to FamilySearch.url
[2013/01/16 09:26:54 | 000,216,447 | ---- | M] () -- C:\Users\jeen\Desktop\bible-book-cards.pdf
 
========== Files Created - No Company Name ==========
 
[2013/02/13 13:47:46 | 000,365,402 | ---- | C] () -- C:\Users\jeen\Desktop\gmer.zip
[2013/02/12 16:46:37 | 004,302,353 | ---- | C] () -- C:\Users\jeen\Documents\valentines-day-giveaway-book.pdf
[2013/02/11 21:23:22 | 000,000,497 | ---- | C] () -- C:\Users\jeen\Desktop\How to Backup Emails, Calendar, and Contacts from Outlook 2010 and Outlook 2007 - YouTube.url
[2013/02/11 21:06:18 | 000,001,879 | ---- | C] () -- C:\Users\jeen\Desktop\virtool-win32-obfuscator removal - Tech Support Guy Forums.url
[2013/02/11 08:46:04 | 000,003,722 | ---- | C] () -- C:\Users\jeen\Desktop\Errors in Event Viewer - Windows 7 Support Forums.url
[2013/02/11 07:03:05 | 000,000,226 | ---- | C] () -- C:\Users\jeen\Desktop\How To Fix 0X80070645 Error.url
[2013/02/11 06:39:55 | 000,000,299 | ---- | C] () -- C:\Users\jeen\Desktop\Fix problems with programs that can't be installed or uninstalled.url
[2013/02/10 20:37:45 | 000,000,327 | ---- | C] () -- C:\Users\jeen\Desktop\[dandee] Hearts Stitched Together  A Handmade Valentine..url
[2013/02/10 20:35:31 | 000,003,309 | ---- | C] () -- C:\Users\jeen\Desktop\Three Day Workout Tabatta method exercises  abc7chicago.com.url
[2013/02/09 22:43:07 | 000,002,069 | ---- | C] () -- C:\Users\jeen\Desktop\Kids Bible Crafts Jesus and New Testament Sunday School Activities, Lesson Resources.url
[2013/02/09 22:42:05 | 000,000,934 | ---- | C] () -- C:\Users\jeen\Desktop\Faith Sunday school kids Old Testament resource 2.htm
[2013/02/09 22:36:41 | 000,000,922 | ---- | C] () -- C:\Users\jeen\Desktop\Faith Sunday school kids Old Testament resource.htm
[2013/02/09 16:14:52 | 000,000,333 | ---- | C] () -- C:\Users\jeen\Desktop\Java SE Downloads.url
[2013/02/09 00:23:25 | 000,000,505 | ---- | C] () -- C:\Users\jeen\Desktop\Download Microsoft Security Essentials from Official Microsoft Download Center.url
[2013/02/08 20:43:09 | 000,002,409 | ---- | C] () -- C:\Users\jeen\Desktop\Microsoft Security Essentials hung up - BleepingComputer.com.url
[2013/02/08 19:23:11 | 000,000,271 | ---- | C] () -- C:\Users\jeen\Desktop\Free Online Virus Scanner  ESET.url
[2013/02/08 19:22:01 | 000,000,434 | ---- | C] () -- C:\Users\jeen\Desktop\MSE stops and sticks at - Microsoft Community (2).url
[2013/02/08 19:07:30 | 000,000,434 | ---- | C] () -- C:\Users\jeen\Desktop\MSE stops and sticks at - Microsoft Community.url
[2013/02/08 15:10:36 | 000,363,008 | ---- | C] () -- C:\Users\jeen\Documents\georgekill.exe
[2013/02/08 15:02:21 | 000,365,419 | ---- | C] () -- C:\Users\jeen\Documents\georgekill.7z
[2013/02/08 11:55:03 | 000,001,958 | ---- | C] () -- C:\Users\jeen\Desktop\Pinterest - Search results for valentines crafts.url
[2013/02/08 11:31:00 | 000,000,294 | ---- | C] () -- C:\Users\jeen\Desktop\http--media-cache-ec7.pinterest.com-originals-07-bf-d5-07bfd513a7147ff0a4b43f2f727c7d51.jpg.url
[2013/02/08 10:22:03 | 000,000,324 | ---- | C] () -- C:\Users\jeen\Desktop\Download Enhanced Internet Explorer 9.url
[2013/02/08 10:20:07 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/02/08 09:24:25 | 000,000,424 | ---- | C] () -- C:\Users\jeen\Desktop\MSE scan freeze on - Microsoft Community.url
[2013/02/07 12:54:33 | 000,000,472 | ---- | C] () -- C:\Users\jeen\Desktop\Full scan doesnt complete-stalls at a file - Microsoft Community.url
[2013/02/07 07:10:31 | 000,000,316 | ---- | C] () -- C:\Users\jeen\Desktop\Make a wall of paper hearts  How About Orange.url
[2013/02/05 13:27:35 | 000,000,874 | ---- | C] () -- C:\Users\jeen\Desktop\5 Foods To NEVER Eat  Beyond Diet.url
[2013/02/05 10:46:03 | 000,000,294 | ---- | C] () -- C:\Users\jeen\Desktop\http--audio2.duluthbible.org-sermons-media-06-10ei_mr_TopicID=14580&ei_mr_ResourceID=22459.url
[2013/02/04 21:39:31 | 000,000,256 | ---- | C] () -- C:\Users\jeen\Desktop\Precious Moments.url
[2013/02/04 21:39:12 | 000,000,284 | ---- | C] () -- C:\Users\jeen\Desktop\Christian Postcards, Christian Post Cards.url
[2013/02/03 22:09:08 | 000,499,766 | ---- | C] () -- C:\Users\jeen\Documents\1 Jesus is the answer postcard.jpg
[2013/02/03 22:08:45 | 000,136,080 | ---- | C] () -- C:\Users\jeen\Documents\Jesus is the answer postcard.jpg
[2013/02/03 21:57:03 | 000,365,311 | ---- | C] () -- C:\Users\jeen\Documents\1 Praise The Lord Anyhow postcard.jpg
[2013/02/03 21:56:32 | 000,113,940 | ---- | C] () -- C:\Users\jeen\Documents\Praise The Lord Anyhow postcard.jpg
[2013/02/03 21:27:54 | 000,967,344 | ---- | C] () -- C:\Users\jeen\Documents\Sunday School Lesson Activity 219 Moses Builds a Tablernacle in the Wilderness - Printable 3D Model Kit.pdf
[2013/02/02 22:54:30 | 000,064,865 | ---- | C] () -- C:\Users\jeen\Desktop\CD-268028-2T.jpg
[2013/02/02 20:17:19 | 000,002,771 | ---- | C] () -- C:\Users\jeen\Desktop\The Activity Mom Bible People (printable).url
[2013/02/02 20:15:43 | 023,157,986 | ---- | C] () -- C:\Users\jeen\Desktop\BGS_BibleCharacters_Medium.pdf
[2013/02/02 20:10:22 | 000,001,995 | ---- | C] () -- C:\Users\jeen\Desktop\Sunday school crafts-Ideas,Books.url
[2013/02/01 13:31:20 | 000,000,293 | ---- | C] () -- C:\Users\jeen\Desktop\American Girl Frequently Asked Doll Care Questions  American Girl®.url
[2013/01/31 11:48:22 | 000,000,183 | ---- | C] () -- C:\Users\jeen\Desktop\Buy Gold and Silver Bullion Coins Bars Online  Buying Liberty Gold Coins  Gold And Silver Online.url
[2013/01/29 09:07:40 | 000,800,736 | ---- | C] () -- C:\Users\jeen\Desktop\Rose_Bible_e-Charts_maps.pdf
[2013/01/27 20:55:42 | 000,000,168 | ---- | C] () -- C:\Users\jeen\Desktop\MarriageToday.url
[2013/01/26 23:04:24 | 000,003,104 | ---- | C] () -- C:\Users\jeen\Desktop\Ten Commandments File Folder Game (2).url
[2013/01/26 21:00:20 | 000,003,105 | ---- | C] () -- C:\Users\jeen\Desktop\Ten Commandments File Folder Game.url
[2013/01/26 18:11:41 | 000,021,432 | ---- | C] () -- C:\Users\jeen\Desktop\commandgame2.gif
[2013/01/26 12:52:02 | 000,069,248 | ---- | C] () -- C:\Users\jeen\Desktop\258464466084803054_0PxMClWL_c.jpg
[2013/01/26 07:10:17 | 000,000,220 | ---- | C] () -- C:\Users\jeen\Desktop\Dainty Jewell's  Modest Apparel for Today's Lady.url
[2013/01/26 07:09:51 | 000,098,508 | ---- | C] () -- C:\Users\jeen\Desktop\10Commandments-Kids-500x500.jpg
[2013/01/25 21:32:50 | 000,165,212 | ---- | C] () -- C:\Users\jeen\Desktop\autoplayhandlers_backup.reg
[2013/01/24 20:19:15 | 000,000,227 | ---- | C] () -- C:\Users\jeen\Desktop\Remote Access and Remote Desktop Software for Your Computer  LogMeIn.url
[2013/01/24 13:18:07 | 000,000,218 | ---- | C] () -- C:\Users\jeen\Desktop\Coin replicas of the Bible, coins and information from Whispering Dream Pewter, Bennington Vermont.url
[2013/01/23 19:58:50 | 000,001,996 | ---- | C] () -- C:\Users\jeen\Desktop\What Is a Chiropractic Activator.url
[2013/01/23 14:02:10 | 001,135,921 | ---- | C] () -- C:\Users\jeen\Desktop\The 3 dogs.jpg
[2013/01/23 13:59:39 | 000,701,569 | ---- | C] () -- C:\Users\jeen\Desktop\Daisy sleepying.jpg
[2013/01/23 13:57:33 | 001,007,090 | ---- | C] () -- C:\Users\jeen\Desktop\Daisy.jpg
[2013/01/23 11:52:25 | 000,031,767 | ---- | C] () -- C:\Users\jeen\Desktop\daisy and annie 2006.jpg
[2013/01/23 10:00:19 | 000,000,681 | ---- | C] () -- C:\Users\jeen\Desktop\The Country Cook Southern Pecan Praline Cake with Butter Sauce.url
[2013/01/16 20:13:08 | 000,000,215 | ---- | C] () -- C:\Users\jeen\Desktop\Welcome to FamilySearch.url
[2013/01/05 23:27:58 | 000,000,017 | ---- | C] () -- C:\Users\jeen\AppData\Local\resmon.resmoncfg
[2012/12/27 20:24:41 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2012/12/27 20:04:44 | 000,001,901 | ---- | C] () -- C:\Windows\panose.bin
[2012/12/27 20:03:01 | 000,042,483 | ---- | C] () -- C:\Windows\Icccodes.dat
[2012/12/27 20:03:01 | 000,039,095 | ---- | C] () -- C:\Windows\Iccsigs.dat
[2012/12/27 20:03:01 | 000,000,156 | ---- | C] () -- C:\Windows\Kpcms.ini
[2012/12/27 20:02:48 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2012/10/03 20:02:05 | 000,000,823 | ---- | C] () -- C:\Users\jeen\.recently-used.xbel
[2012/08/22 20:35:44 | 000,000,392 | ---- | C] () -- C:\Windows\Dazzle Pawn.INI
[2012/08/22 20:35:44 | 000,000,002 | ---- | C] () -- C:\Windows\SysWow64\parclass.dat
[2012/08/13 10:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files (x86)\readme.html
[2012/07/27 19:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 19:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
[2012/04/29 21:16:52 | 000,001,057 | ---- | C] () -- C:\Users\jeen\AppData\Roaming\vso_ts_preview.xml
[2012/03/29 02:18:33 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/03/13 20:15:42 | 000,000,079 | ---- | C] () -- C:\Windows\EW7520.ini
[2011/11/24 20:06:10 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/23 09:09:01 | 000,058,222 | ---- | C] () -- C:\Users\jeen\fd dance.jpg
[2011/11/21 21:39:34 | 000,033,001 | ---- | C] () -- C:\Users\jeen\65.jpg
[2011/11/17 15:15:46 | 000,229,452 | ---- | C] () -- C:\Windows\SysWow64\mls_set4.dll
[2011/11/17 15:15:46 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LMCHART1.dll
[2011/11/17 15:15:46 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\f23dll.dll
[2011/11/17 15:15:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\eztw32.dll
[2011/11/17 15:15:46 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\tstream.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/12 09:06:35 | 000,009,366 | ---- | C] () -- C:\Users\jeen\AppData\Roaming\Comma Separated Values (Windows).EML
[2011/09/05 21:10:46 | 000,000,942 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/09 08:21:22 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2011/04/02 15:32:14 | 000,036,380 | ---- | C] () -- C:\Users\jeen\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/03/30 07:42:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/03/07 09:53:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/21 21:27:53 | 001,874,432 | ---- | C] () -- C:\Windows\SysWow64\myodbc5S.dll
[2011/02/21 21:27:53 | 001,743,360 | ---- | C] () -- C:\Windows\SysWow64\myodbc-installer.exe
[2010/12/27 20:33:01 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/04/08 21:56:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2010/05/15 20:10:50 | 000,000,349 | ---- | M] ()(C:\Users\jeen\Documents\Pink Paper Peppermints Sweet ? Crafty ? Goodness 31 Crafty Flowers Day Four - Pop Open Petals Card.url) -- C:\Users\jeen\Documents\Pink Paper Peppermints Sweet ♥ Crafty ♥ Goodness 31 Crafty Flowers Day Four - Pop Open Petals Card.url
[2010/05/15 20:10:50 | 000,000,349 | ---- | C] ()(C:\Users\jeen\Documents\Pink Paper Peppermints Sweet ? Crafty ? Goodness 31 Crafty Flowers Day Four - Pop Open Petals Card.url) -- C:\Users\jeen\Documents\Pink Paper Peppermints Sweet ♥ Crafty ♥ Goodness 31 Crafty Flowers Day Four - Pop Open Petals Card.url
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 384 bytes -> C:\ProgramData\desktop.ini:af0a97470ed1c0247b97a9cafea3834b

< End of report >

The Extras log

OTL Extras logfile created on: 2/13/2013 5:50:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jeen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
8.00 Gb Total Physical Memory | 6.49 Gb Available Physical Memory | 81.15% Memory free
15.99 Gb Paging File | 14.32 Gb Available in Paging File | 89.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 498.51 Gb Total Space | 417.05 Gb Free Space | 83.66% Space Free | Partition Type: NTFS
Drive K: | 146.48 Gb Total Space | 146.18 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive L: | 146.48 Gb Total Space | 116.77 Gb Free Space | 79.71% Space Free | Partition Type: NTFS
Drive M: | 146.48 Gb Total Space | 135.37 Gb Free Space | 92.41% Space Free | Partition Type: NTFS
Drive N: | 156.71 Gb Total Space | 152.63 Gb Free Space | 97.40% Space Free | Partition Type: NTFS
Drive P: | 97.65 Gb Total Space | 97.36 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
Drive Q: | 930.86 Gb Total Space | 540.09 Gb Free Space | 58.02% Space Free | Partition Type: NTFS
 
Computer Name: JEEN-PC | User Name: jeen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10FFDDB7-62B2-4D4A-A3BE-0F6EA719B29D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{18315A59-BA08-4C23-BEFC-5A9DA772156D}" = lport=49184 | protocol=6 | dir=in | name=akamai netsession interface |
"{19830205-63AA-48DC-A884-04CD880F4F6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AEFA6B5-C541-491B-ABDC-DDFE75BF0210}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C6FF1EB-CA85-403E-9194-97F9BF372EC8}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E935C3D-B484-4829-8068-843BDA2BD7D8}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{27FE2FA4-4A7A-4DE9-A0F0-30C706C3AE0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{329AE6D6-EB34-4DE6-A64B-08DB682A2573}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3B26B19C-839D-4F29-BE10-C0A9AFAC43EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{470BE4A0-E9D1-44B3-8A7F-9F79B7C78A40}" = lport=49247 | protocol=6 | dir=in | name=akamai netsession interface |
"{5584757D-06EE-43A5-B2B8-298E4856A74E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55BF711D-4990-45D1-AD3C-AD073CF2352C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AEEA229-A8A3-4CC9-A49F-CD1C29EA6B63}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{646A2810-7053-4849-9A6A-C0C706C0ECB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E03B481-10D7-41EF-A011-914C2BAEF732}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{77C94957-0C55-47E1-837F-055E2BA07FE5}" = lport=139 | protocol=6 | dir=in | app=system |
"{798602D1-1B04-45B3-BCFE-41E130791BCE}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{7B846D16-58CE-4BD4-B5C8-CEA43DA3F4AB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{8CE14FA3-F32D-44D8-B97A-393882D2B362}" = rport=137 | protocol=17 | dir=out | app=system |
"{8D6ECC15-2D39-4258-93A3-A0F1197A02B2}" = lport=137 | protocol=17 | dir=in | app=system |
"{90925D37-5BE0-43C4-948B-F5E49A253A6A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{993351B6-36B5-4ACB-A169-0ADA9AB36825}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9CC77333-1426-4356-AEE2-2D7EE34A562E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A7010311-3078-42DD-B96B-D3D8713CBF78}" = lport=138 | protocol=17 | dir=in | app=system |
"{B3AB0A8B-20AD-4A09-A3B8-5F16A93C3D67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC7B109A-06F6-41AF-B6BB-C44C039F9936}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3D52C33-5EE0-47DF-A47A-3D8D42168F69}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE1E8F6D-9431-4863-B044-022B49D6E3BE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E71B17D2-DB79-4A4E-B56F-6481DA330A90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F7B32C5B-96B7-476A-B377-5696BFB2A986}" = rport=445 | protocol=6 | dir=out | app=system |
"{F8938E8D-E979-4F6F-9D24-A5EA5424D75A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE630980-7ACD-4458-A054-9ABF50087194}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C9B06E-0ACF-4FB1-B175-026BE10CC915}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0E90D23C-C9AD-4B7A-A7DA-16D34F16E398}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{14884540-015C-4E07-9809-E09A684DAB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{161BC0FE-CA20-4B52-9A97-70CE3E44D3FC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1CB40C19-DA62-4C40-BDF6-4E46F20121A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{1F6C34E3-EC7C-4A16-8ECD-BEDF105B29F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector express\pdx.exe |
"{28D85F4A-82C0-4340-90ED-52AA021587E1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2B22DF90-1C79-4AF3-A0AB-791F11D7B5ED}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{2E606CAD-4F80-4DF0-9C9F-D0FFE966B4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{3105060F-0D57-4CFC-B7E6-706AA1F8254C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{326E7FA4-A740-4692-8A53-34859FB55181}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3BD3E499-5142-4C2F-A77B-D9591E9EB08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DE99920-8187-42F2-919F-4B850D88C312}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{481064E8-7B93-411C-8970-E9DCDC5F5C4A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4974A697-FB51-4B3E-B299-E5C9E429DBBC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{4F81F462-6B10-4450-997B-11A857A67285}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5677F8F2-EBFC-4D96-9B31-3BEBD44674D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59B8C43B-F9AA-4815-975C-6BEEFC86F39F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{5EC660CC-3823-4FC7-95E2-4C621ED27A62}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{60DAF741-ADCE-4B69-B766-5EE6F812B364}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6288C7B4-0540-415D-B982-CEE7E4A7A210}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{69C3586E-0BF7-446E-B677-259533205C17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AE10008-CCF5-4902-997D-A3F91493C530}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{77177FF3-9074-4F8B-A733-40101786EA5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{77A76A56-F737-4818-80AE-B2D0BE3F1D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{77D4D4F7-0454-402C-B7EC-5FE492606077}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{7DEDFC51-CD9C-4760-8075-0A3A6572F254}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{817634FC-8FD2-482D-BB2C-697B24B0CBF3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{844002B3-63CA-4F59-B552-135B3A7D7B29}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E044FB6-E815-45BE-8F1B-97CCFCBFB7B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{8EBFB121-556B-4CF0-A6B3-74C4C90937A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{95A0BD70-20A1-44D9-BF5E-C8A99651C805}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{95D619C3-CBEA-4EC7-B888-29F2409298AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9DD8B5FD-0555-4A8E-A20D-7A9F9DE7DAFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A98B6E78-1531-4EA1-B97B-7572EE2E667E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC58D476-52BD-4B2E-8C7A-D98F3D4A944A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B098B534-A066-4475-80F3-910F056A4657}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C4337FC3-6EB3-4A21-B1A7-820E5D1D6E43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB8E7A73-27A1-420B-800D-9E6D2AB6FA02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D02ADE7A-982C-4EDD-A45A-517E2D463E23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{D29E6BE7-C9F7-4C4C-832E-6DEC1EA61006}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D7D28234-A381-4C25-9DB7-6F516C0DBCA4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D822FEB0-45CB-43CD-8A91-91D4E96C9AF2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D9971B3F-117A-4C2C-BC3E-A91B785C36D9}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DBC0FC30-8A76-4B09-898D-A0E6E12CA667}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DCACA4C2-A62E-47A5-8690-70BFEA2E290A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DDB9EF6C-653F-4C96-9D1D-8E20338B0B69}" = protocol=17 | dir=in | app=c:\users\jeen\appdata\local\akamai\netsession_win.exe |
"{E150E7A8-6520-45B9-9054-8C920CF42167}" = protocol=6 | dir=in | app=c:\users\jeen\appdata\local\akamai\netsession_win.exe |
"{E9C84977-8F36-4C44-B8A5-9FB40A50C651}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{ED49D816-8A7F-4E04-BE86-A883BCF5AF2E}" = protocol=6 | dir=out | app=system |
"{F4CEB4A5-096B-409A-8805-83D59825E66F}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{F80BAA50-EF41-4684-963D-0C0289384DB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FBE02826-95F4-43CA-B38F-2DF492C99FF2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{00B219F5-8ECE-4411-AF5F-2A6DAC0108D3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{0DFF6219-825A-409D-B820-7D6643B63DE7}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"TCP Query User{36478B1E-A928-481A-9F06-59F873FE3379}C:\users\jeen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jeen\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8235A934-6B2C-4230-A2BF-2EF1A5536519}C:\program files (x86)\gigabyte\gbtupd\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\gbtupd.exe |
"TCP Query User{B6A980A8-A4B1-41A3-BFD6-082B6113D6D4}C:\program files (x86)\noguska\nolapro\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\noguska\nolapro\apache\bin\apache.exe |
"TCP Query User{B7C5DCE3-3E75-42D8-8A1C-CCDE3A9001E8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{B9672B80-8093-41B3-9B03-F50686A683A1}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"TCP Query User{BA2023A9-41A2-47ED-84E2-C918CB633310}C:\program files (x86)\gigabyte\gbtupd\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\gbtupd.exe |
"TCP Query User{DCA92797-DB02-407C-BACF-DC740F6684DE}C:\users\jeen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\jeen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{00EBD9DE-FF1F-4AD5-840C-B096596E214A}C:\program files (x86)\gigabyte\gbtupd\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\gbtupd.exe |
"UDP Query User{1C989257-FDC2-4008-B54E-E17E4ABBECB1}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"UDP Query User{3008986F-99BF-4894-8AE5-370B6EAFF510}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{41F2ACAA-B025-4841-8A08-54BA8567E7FA}C:\users\jeen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\jeen\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{574FB6B7-2E72-417A-9518-AC20750B789E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{7F2932A1-1E11-4C42-8C0B-924C02CBA1A0}C:\program files (x86)\gigabyte\gbtupd\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\gbtupd.exe |
"UDP Query User{804B29C7-A1B0-4651-9197-A1C55515F487}C:\program files (x86)\gigabyte\gbtupd\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\gbtupd\runupd.exe |
"UDP Query User{A7FCE974-6FA6-410A-A9A4-B258BEA7860D}C:\program files (x86)\noguska\nolapro\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\noguska\nolapro\apache\bin\apache.exe |
"UDP Query User{CDCBDA43-C212-44EC-AD69-74F15AD10F9B}C:\users\jeen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jeen\appdata\local\akamai\netsession_win.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{10E77956-A7A7-6E1E-01E9-7B762A76E1ED}" = ATI AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B1E6C4B8-B3D6-1DFF-AF38-50D43885D565}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON WF-7520 Series" = EPSON WF-7520 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{03C754B5-243B-41AC-93B1-932952F1CAB7}_is1" = Partition Wizard Business Edition 4.2.2
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F9224B1-9331-4D56-A21B-6D4747F6ACB4}" = iRip
"{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1EE8648A-1141-BF6F-B002-1F279859606B}" = CCC Help Portuguese
"{1EFE2B13-7C03-E454-00F5-5FF8CFC86343}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista
"{26442B73-03B2-44E5-ACBC-8C6625B89481}" = CCC Help French
"{27097B3A-E801-47B2-B6F2-06E96DE0CFBF}" = Password Resetter
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30E0C424-E68A-FB77-6E45-42EC039264F4}" = CCC Help Greek
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B9.1014.1
"{3B9DF14F-DA9E-52AE-71ED-BBE2CAC7CC34}" = CCC Help Chinese Standard
"{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.0908.1
"{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{535B21E4-EE17-4970-459F-9AA67EA23261}" = CCC Help Turkish
"{5AA617AF-A4A4-AA20-E81D-EA14F585FB6A}" = CCC Help Swedish
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5D629C4C-1EB4-5436-FA1C-15878067257F}" = CCC Help Danish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{6544BC7B-158C-88EB-9D63-2C37347A4902}" = CCC Help Finnish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{675D173B-F754-9B62-A847-A78117B3FCEA}" = CCC Help Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D24E9E9-AA3E-4A8C-F62A-6D09717FB8B0}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7980631D-6A17-EF85-2D95-6F77E0B586AD}" = CCC Help Dutch
"{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{964F54B7-4A02-5450-912F-E2A3A66B1418}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B16B8E8-170F-43AF-8EE7-5D04660BF3C7}" = Agere Ethernet Adapter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A01AC54A-5BB8-FE08-1854-5427457FCBCB}" = CCC Help Spanish
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A53E699B-AEAA-65FB-90ED-A45D1DC86D37}" = HydraVision
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AD646716-2554-666F-6F72-A5D5B96CF046}" = CCC Help German
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B624D324-D3FD-01FF-1587-18A650E3EBB6}" = CCC Help Korean
"{B67AE61E-640C-358A-CF8A-4883C03F1E80}" = CCC Help Russian
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A}" = CCC Help Polish
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB8E27C7-F3E2-ABB0-36DF-D96B3D77B0AD}" = CCC Help Chinese Traditional
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE898A54-E9BB-4F4E-26A6-DBCF9F8DE5A2}" = CCC Help Czech
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F681E38A-E0EF-21F8-B787-B62332B45555}" = CCC Help Norwegian
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"1st Clock_is1" = 1st Clock 5.0 (30-day trial)
"7-Zip" = 7-Zip 9.22beta
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Akamai" = Akamai NetSession Interface Service
"Amazon Kindle" = Amazon Kindle
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AnyDVD" = AnyDVD
"azzCardfile_is1" = azzCardfile 4.0c
"Belarc Advisor" = Belarc Advisor 8.3
"ChurchTrac9" = ChurchTrac 9
"Cisco Connect" = Cisco Connect
"CobBackup11" = Cobian Backup 11 Gravity
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"dBworx_is1" = dBworx ver 3.8 (Freeware)
"DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"Family Tree Maker 2010" = Family Tree Maker 2010
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter Studio_is1" = Free YouTube to MP3 Converter Studio 7.2
"GenoPro" = GenoPro 2.5.4.0
"Installation Assistant" = Installation Assistant
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.0908.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"iPod To Computer Transfer_is1" = iPod To Computer Transfer 6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MiniMinder_is1" = MiniMinder 8.3
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"mv61xxMRU" = Marvell MRU V4
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoMix_is1" = PhotoMix 5.3
"RootsMagic_is1" = RootsMagic 3.2.6.0
"stax-Pinnacle_is1" = SureThing Express Labeler
"TotalRecorder" = Total Recorder 8.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Wondershare Video to DVD Burner_is1" = Wondershare Video to DVD Burner(Build 2.5.8.3)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/11/2013 10:00:15 AM | Computer Name = jeen-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 2/11/2013 1:00:16 PM | Computer Name = jeen-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 2/11/2013 2:57:56 PM | Computer Name = jeen-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
 Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/12/2013 2:31:34 AM | Computer Name = jeen-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\azzcardfile\DelZip179.dll".Error
 in manifest or policy file "c:\program files (x86)\azzcardfile\DelZip179.dll" on
 line 8.  The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 2/12/2013 2:31:36 AM | Computer Name = jeen-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/12/2013 4:00:01 AM | Computer Name = jeen-PC | Source = VSS | ID = 8194
Description =
 
Error - 2/13/2013 2:31:04 AM | Computer Name = jeen-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\azzcardfile\DelZip179.dll".Error
 in manifest or policy file "c:\program files (x86)\azzcardfile\DelZip179.dll" on
 line 8.  The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 2/13/2013 2:31:05 AM | Computer Name = jeen-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/13/2013 7:41:40 PM | Computer Name = jeen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: gmer.exe, version: 2.1.18952.0, time stamp:
 0x511be24e  Faulting module name: gmer.exe, version: 2.1.18952.0, time stamp: 0x511be24e
Exception
 code: 0xc0000005  Fault offset: 0x0000214a  Faulting process id: 0x654  Faulting application
 start time: 0x01ce0a438528cdd6  Faulting application path: C:\Users\jeen\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe
Faulting
 module path: C:\Users\jeen\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe  Report Id:
 e9d4a3f3-7636-11e2-bdc6-8f59cc0f4132
 
Error - 2/13/2013 7:43:00 PM | Computer Name = jeen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: gmer.exe, version: 2.1.18952.0, time stamp:
 0x511be24e  Faulting module name: gmer.exe, version: 2.1.18952.0, time stamp: 0x511be24e
Exception
 code: 0xc0000005  Fault offset: 0x0000214a  Faulting process id: 0x74c  Faulting application
 start time: 0x01ce0a43bc80cc35  Faulting application path: C:\Users\jeen\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe
Faulting
 module path: C:\Users\jeen\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe  Report Id:
 198f1b52-7637-11e2-bdc6-8f59cc0f4132
 
[ Media Center Events ]
Error - 10/19/2012 5:00:23 AM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 4:00:19 AM - Error connecting to the internet.  4:00:19 AM -     Unable
 to contact server.. 
 
Error - 10/19/2012 6:00:54 AM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 5:00:53 AM - Error connecting to the internet.  5:00:53 AM -     Unable
 to contact server.. 
 
Error - 10/19/2012 7:01:26 AM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 6:01:25 AM - Error connecting to the internet.  6:01:25 AM -     Unable
 to contact server.. 
 
Error - 11/16/2012 4:15:24 AM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 2:15:20 AM - Error connecting to the internet.  2:15:20 AM -     Unable
 to contact server.. 
 
Error - 2/13/2013 4:38:19 PM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 2:38:19 PM - Error connecting to the internet.  2:38:19 PM -     Unable
 to contact server.. 
 
Error - 2/13/2013 4:38:53 PM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 2:38:49 PM - Error connecting to the internet.  2:38:49 PM -     Unable
 to contact server.. 
 
Error - 2/13/2013 5:39:24 PM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 3:39:24 PM - Error connecting to the internet.  3:39:24 PM -     Unable
 to contact server.. 
 
Error - 2/13/2013 5:39:55 PM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 3:39:54 PM - Error connecting to the internet.  3:39:54 PM -     Unable
 to contact server.. 
 
Error - 2/13/2013 6:40:25 PM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 4:40:25 PM - Error connecting to the internet.  4:40:25 PM -     Unable
 to contact server.. 
 
Error - 2/13/2013 6:40:56 PM | Computer Name = jeen-PC | Source = MCUpdate | ID = 0
Description = 4:40:55 PM - Error connecting to the internet.  4:40:55 PM -     Unable
 to contact server.. 
 
[ System Events ]
Error - 2/13/2013 7:40:16 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:40:19 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:40:19 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:40:19 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:40:19 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:40:19 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:40:19 PM | Computer Name = jeen-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 2/13/2013 7:52:24 PM | Computer Name = jeen-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

 Feature:
 %%886     Error Code: 0x80070003     Error description: The system cannot find the path specified.
      Reason: %%858
 
Error - 2/13/2013 7:52:27 PM | Computer Name = jeen-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

 Feature:
 %%886     Error Code: 0x80070003     Error description: The system cannot find the path specified.
      Reason: %%858
 
Error - 2/13/2013 7:59:45 PM | Computer Name = jeen-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >



#6 sleepyjeen


Posted 13 February 2013 - 07:38 PM

One more thing.  I did uninstall the Browser configuration utility but I cannot find the ErrorTeck PC Optimization program to uninstall it.



#7 whoabuddy

whoabuddy

    Bleepin' Verbose


  • Malware Response Instructor
  • 2,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cottonwood, AZ
  • Local time:05:52 PM

Posted 14 February 2013 - 12:57 AM

Hi sleepyjeen,

 

What a nightmare! So frustrating!

 

It is amazing how much we take our computers for granted when they are working well, but we will work until this machine is completely cleaned up and running normally again, rest assured.

 

I do not know what the Browser Configuration Utility is and I don't believe I have ever used it.

 

Not to worry, it is included with your motherboard, and has most likely been installed since you purchased the machine.  Since it is not necessary, your removal from Programs and Features should be sufficient.

 

NOTE: Please do not run any programs or change any settings unless instructed to do so. Some of the instructions we provide are in a specific order, and if you make a change that we do not know about we could end up running into issues down the road.  Once we get your computer cleaned up and this topic is finished you can use it normally again.  This helps reduce the number of changes per step, and makes sure the logs we see aren't altered by an action we did not take.

 

I do not know what the ErrorTeck PC Optimization program is and I don't think I have used it.

 

We will make sure this program is removed after we get the infection itself removed.
 

I ran GMER program and had it running for 3 hours and it finally occurred to me that it must not be working so I ran it in safe mode. I did it several times and each time it stopped at the following:

DLL:C:\Programfiles\microsoft security client\MSMPEng.exe@C:\ProgramData\microsoft\microsoftantimalware\definitionupdates\(70B99871-3D1D-4302-B9AE-70A72CB0B917)mpengine.dll

when it stopped at this it told me this was an error and that the program had to close.

 

Thank you for this info, I will check with one of my colleagues to see why we are having difficulty with this tool, and I will have additional instructions up for you as soon as I can.

In your OTL report you mentioned seeing the message "There is no disk in the drive Please insert a disk into drive \device\harddisk8\DR8". Do you have a USB drive, SD card, or any other sort of external storage attached?

 

Also, I see that you have an error in the event viewer from GMER crashing, but it shows GMER in a temporary folder.  Did you download and save the file to your desktop instead of running it?  If it crashes after running the saved files, try unchecking the "Devices" option, then run a new scan.

 

Best Regards,

whoabuddy


Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE
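What whoabuddy reads off the event log in the post above (GMER crashing from a Temp...zip path, meaning it was launched from inside the archive rather than from a saved copy), shown as an added example that is not part of the original thread: a Python parser for the report's "Last 20 Event Log Errors" layout. The sample log, EXAMPLE-PC, the user name, the Report Ids and the function names are constructed for illustration; `Temp<N>_<archive>.zip` is the folder name Windows Explorer uses when a program is run directly from a compressed folder.

```python
import re
from collections import Counter

# Constructed sample in the layout of the "Last 20 Event Log Errors" section
# of the OTL report in this thread (host, user and Report Ids are placeholders).
SAMPLE_LOG = r"""[ Application Events ]
Error - 2/11/2013 10:00:15 AM | Computer Name = EXAMPLE-PC | Source = Windows Backup | ID = 4104
Description =

Error - 2/13/2013 7:41:40 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: gmer.exe, version: 2.1.18952.0, time stamp:
 0x511be24e  Faulting module name: gmer.exe, version: 2.1.18952.0, time stamp: 0x511be24e
Exception
 code: 0xc0000005  Fault offset: 0x0000214a  Faulting process id: 0x654  Faulting application
 start time: 0x01ce0a438528cdd6  Faulting application path: C:\Users\user\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe
Faulting
 module path: C:\Users\user\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe  Report Id:
 00000000-0000-0000-0000-000000000001

Error - 2/14/2013 7:10:02 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application name: gmer.exe, version: 2.1.18952.0, time stamp:
 0x511be24e  Exception code: 0xc0000005  Faulting application path: C:\Users\user\Desktop\gmer.exe
Faulting
 module path: C:\Users\user\Desktop\gmer.exe  Report Id: 00000000-0000-0000-0000-000000000002

[ System Events ]
Error - 2/13/2013 7:40:16 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068

Error - 2/13/2013 7:40:19 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068

Error - 2/13/2013 7:40:19 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$"
)
APP_PATH = re.compile(r"Faulting application path:\s*(?P<path>.+?)\s+Faulting module path:")
# Folder Explorer extracts to when an .exe is started from inside a zip.
ZIP_TEMP = re.compile(r"\\Temp\\Temp\d+_[^\\]+\.zip\\", re.IGNORECASE)


def parse_events(text):
    """Split the report into event records, re-joining wrapped description lines."""
    events, section, current = [], None, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section, current = m.group("name"), None
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), section=section, description="")
            current["event_id"] = int(current["event_id"])
            events.append(current)
            continue
        piece = line.strip()
        if current is None or not piece:
            continue  # blank separator, or text before the first record
        if piece.startswith("Description ="):
            piece = piece[len("Description ="):].strip()
        current["description"] = (current["description"] + " " + piece).strip()
    return events


def summarize(events):
    """Collapse repeats: count events per (section, source, event id)."""
    counts = Counter((e["section"], e["source"], e["event_id"]) for e in events)
    return counts.most_common()


def crashes_run_from_zip(events):
    """Application Error (ID 1000) crashes whose binary ran from a zip temp folder."""
    hits = []
    for e in events:
        if e["source"] != "Application Error" or e["event_id"] != 1000:
            continue
        m = APP_PATH.search(e["description"])
        if m and ZIP_TEMP.search(m.group("path")):
            hits.append((e["when"], m.group("path")))
    return hits


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for key, n in summarize(evts):
        print(n, key)
    for when, path in crashes_run_from_zip(evts):
        print("run from inside archive:", when, path)
```

The summary step also collapses the repeated Service Control Manager 7001 entries into one counted line, which makes the distinct errors in a report like the one above easier to see.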

#8 sleepyjeen


Posted 14 February 2013 - 07:21 AM


Good Morning,

I took the GMER program out of the zipped folder and saved it to the desktop and then ran again, unchecking devices.  It did not run so I again tried in safe mode, I also disconnected my external hard drive for this scan in safe mode thinking maybe that would make the difference.  It did not.  Again, I got an error message at: 

DLL:C:\Programfiles\microsoft security client\MSMPEng.exe@C:\ProgramData\microsoft\microsoftantimalware\definitionupdates\(70B99871-3D1D-4302-B9AE-70A72CB0B917)mpengine.dll




 



#9 whoabuddy


Posted 14 February 2013 - 02:03 PM

Hi sleepyjeen,

Thank you for trying to run the GMER scan a few different ways. It would give us some good information; however, we can go a different route for right now to try and address what's going on. Let's back up some of your registry settings, then since you were able to run OTL before, let's download a new copy to your desktop and run the following fix. Afterward we will run a new DDS and aswMBR scan, the latter of which is an alternative to GMER.

Also, I noticed a few more things in the logs as well:

In your OTL report you mentioned getting the message "There is no disk in the drive Please insert a disk into drive \device\harddisk8\DR8": do you have a USB drive, SD card, or any other sort of external storage attached? Do you have a card reader on the PC? Devices are typically numbered starting at 0 through 9, so that's a high number to appear during your scan and is usually related to an external device. This is safe to ignore.

I see several links on your desktop as well:

[2013/02/09 00:23:25 | 000,000,505 | ---- | M] () -- C:\Users\jeen\Desktop\Download Microsoft Security Essentials from Official Microsoft Download Center.url
[2013/02/08 19:22:01 | 000,000,434 | ---- | M] () -- C:\Users\jeen\Desktop\MSE stops and sticks at - Microsoft Community (2).url
[2013/02/08 19:07:30 | 000,000,434 | ---- | M] () -- C:\Users\jeen\Desktop\MSE stops and sticks at - Microsoft Community.url
[2013/02/08 09:24:25 | 000,000,424 | ---- | M] () -- C:\Users\jeen\Desktop\MSE scan freeze on - Microsoft Community.url
[2013/02/07 12:54:33 | 000,000,472 | ---- | M] () -- C:\Users\jeen\Desktop\Full scan doesnt complete-stalls at a file - Microsoft Community.url
[2013/02/11 21:06:18 | 000,001,879 | ---- | M] () -- C:\Users\jeen\Desktop\virtool-win32-obfuscator removal - Tech Support Guy Forums.url
[2013/02/11 08:46:04 | 000,003,722 | ---- | M] () -- C:\Users\jeen\Desktop\Errors in Event Viewer - Windows 7 Support Forums.url
[2013/02/11 07:03:05 | 000,000,226 | ---- | M] () -- C:\Users\jeen\Desktop\How To Fix 0X80070645 Error.url
[2013/02/11 06:39:55 | 000,000,299 | ---- | M] () -- C:\Users\jeen\Desktop\Fix problems with programs that can't be installed or uninstalled.url

As I stated before it is very important that you work with this site and your thread on your issue, and we request that you do not post any more information or run any other fixes suggested anywhere else. Please understand we want to get your computer cleaned up as soon as possible, but performing steps out of order or from someone else's direction will only cause more confusion.

Please let me know if you have any questions as we go along!

We need to back up the registry with ERUNT:
  • Click here to open the download page for ERUNT
  • Scroll down to the Download ERUNT: section on the left
  • Choose a download server for erunt-setup.exe
  • Save the file to your desktop
  • Run erunt-setup.exe to install the application on your computer
  • Click Next on each screen accepting the defaults, click Install
  • Choose whether or not to run ERUNT at startup (recommended)
  • Uncheck Show Documentation and click Finish to launch ERUNT
    (it can also be run from Start > Program Files > ERUNT > ERUNT)
  • Click OK on the dialog box, select the folder for ERUNT to back up to (default recommended)
    (a warning might appear if the folder does not exist, click Yes to create it)
  • ERUNT will run and a message will notify you that the backup is complete
Note: alternatively you can run the version without an installer by downloading erunt.zip, extracting the contents to a directory of your choice, and running ERUNT.EXE

We need to run a custom fix with OTL:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll File not found
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\49ffxtbr@UtilityChest_49.com: C:\Program Files (x86)\UtilityChest_49\bar\1.bin [2012/01/30 18:26:02 | 000,000,000 | ---D | M]
    [2012/10/13 11:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\jeen\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No CLSID value found.
    O4 - HKLM..\Run: [ErrorTeck] C:\Program Files (x86)\ErrorTeck\ErrorTeck.exe /scan File not found
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    @Alternate Data Stream - 384 bytes -> C:\ProgramData\desktop.ini:af0a97470ed1c0247b97a9cafea3834b
    :reg
    [-HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}] /64
    [-HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
    [-HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] /64
    [-HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
    :commands
    [reboot]

  • Push the Run Fix button.
  • Your computer will restart when the fix is complete, log back into Windows
  • A report will appear, please click File > Save As... and save a copy to your desktop.
  • Copy and Paste the contents of that report in your next post
We need to run a scan with aswMBR

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
In your next post I need the following:
  • log from OTL Fix
  • log from new DDS scan
  • log from new aswMBR scan
  • Status Update - how are things running after the reboot/scans?
Best Regards,
whoabuddy

#10 sleepyjeen


Posted 14 February 2013 - 04:44 PM

Okay I ran the OTL fix.  The first time it quit responding so I did it again.  It processed through, rebooted and did not give me any kind of report or log.  I now have 2 new desktop icons that say desktop.ini.  Can I delete these?



#11 whoabuddy


Posted 14 February 2013 - 04:47 PM

Hi sleepyjeen,

 

Please leave those files for right now, we will delete them later if needed.  Were you able to run the aswMBR scan now that the OTL fix has been run?  The instructions are right after the OTL fix in my post.

 

Best Regards,

whoabuddy



#12 sleepyjeen


Posted 14 February 2013 - 04:49 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-14 15:47:48
-----------------------------
15:47:48.641    OS Version: Windows x64 6.1.7601 Service Pack 1
15:47:48.641    Number of processors: 4 586 0x1E05
15:47:48.641    ComputerName: JEEN-PC  UserName: jeen
15:47:49.795    Initialize success
15:48:05.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5
15:48:05.328    Disk 0 Vendor: WDC_WD6402AAEX-00Z3A0 05.01D05 Size: 610480MB BusType: 3
15:48:05.328    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
15:48:05.328    Disk 1 Vendor: WDC_WD6402AAEX-00Y9A0 01.01V01 Size: 610480MB BusType: 3
15:48:05.343    Disk 0 MBR read successfully
15:48:05.343    Disk 0 MBR scan
15:48:05.359    Disk 0 Windows 7 default MBR code
15:48:05.359    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       510477 MB offset 2048
15:48:05.359    Disk 0 Partition - 00     0F Extended LBA             99998 MB offset 1045462005
15:48:05.390    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99998 MB offset 1045462068
15:48:05.406    Disk 0 scanning C:\Windows\system32\drivers
15:48:09.852    Service scanning
15:48:19.836    Modules scanning
15:48:19.836    Disk 0 trace - called modules:
15:48:19.867    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:48:19.867    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007803060]
15:48:19.882    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007539520]
15:48:19.882    5 ACPI.sys[fffff88000f4a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa800753a680]
15:48:19.898    Scan finished successfully
15:48:32.097    Disk 0 MBR has been saved successfully to "C:\Users\jeen\Desktop\MBR.dat"
15:48:32.113    The log file has been saved successfully to "C:\Users\jeen\Desktop\aswMBR.txt"



#13 sleepyjeen


Posted 14 February 2013 - 04:54 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by jeen at 15:51:58 on 2013-02-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8187.6664 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\1st Clock\1stClock.exe
C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\MiniMind\MiniMind.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\1st Clock\ClockApi64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\jeen\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [GBTUpd] C:\Program Files (x86)\gigabyte\GBTUpd\PreRun.exe
StartupFolder: C:\Users\jeen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\1STCLO~1.LNK - C:\Program Files (x86)\1st Clock\1stClock.exe
StartupFolder: C:\Users\jeen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MINIMI~1.LNK - C:\Program Files (x86)\MiniMind\MiniMind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~2.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{55011528-03DA-4F4E-8170-1823826FBF09} : DHCPNameServer = 97.64.183.164 97.64.209.37
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-9 22568]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-30 53488]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-2-13 67584]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 GPAdjustTimeService;1st Clock Adjust Time Service;C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [2012-10-27 467968]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-8 24635]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-3-30 27136]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-3-30 114688]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-9-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-9-25 178688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-30 239616]
R3 TotRec7;Total Recorder WDM audio driver;C:\Windows\System32\drivers\TotRec7.sys [2010-3-3 183888]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2010-4-1 121936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AODDriver;AODDriver;C:\Program Files (x86)\gigabyte\ET6\amd64\AODDriver.sys [2009-2-22 52280]
S3 atidgllk;atidgllk;C:\Program Files (x86)\gigabyte\ET6\atidgllk.sys [2006-7-19 12048]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-3-30 30528]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-4-7 19912]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-4-7 13264]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-30 50688]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-3-30 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-3-30 50688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-02-14 21:09:19 -------- d-----w- C:\_OTL
2013-02-14 12:17:05 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B755FDB-D5E9-4FD7-8DE3-1470743102EE}\mpengine.dll
2013-02-14 01:18:57 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 01:18:57 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 00:19:31 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-14 00:01:37 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-02-14 00:01:36 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66B34192-B5CB-4D99-B778-C8D2617FCFBF}\gapaengine.dll
2013-02-13 23:58:24 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 23:58:23 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 23:58:23 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 23:58:22 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 23:58:20 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 23:58:20 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 23:58:19 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 23:58:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 23:58:19 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 23:58:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 23:58:14 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 23:58:14 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 17:24:04 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2013-02-11 12:37:43 -------- d-----w- C:\MATS
2013-02-11 03:32:26 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2013-02-11 03:32:16 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2013-02-09 22:21:31 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-02-09 22:21:31 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-02-09 22:21:28 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-09 21:56:40 -------- d-----w- C:\JRT
2013-02-09 13:45:03 -------- d-----w- C:\Program Files (x86)\ESET
2013-02-08 21:35:11 -------- d-----w- C:\components
2013-02-08 20:49:43 -------- d-----w- C:\ProgramData\Strongvault Online Backup
2013-02-08 20:49:36 -------- d-sh--w- C:\AI_RecycleBin
2013-02-08 16:20:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-02-08 16:20:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-02-07 22:50:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-01-24 12:22:29 -------- d-----w- C:\Program Files (x86)\URE
2013-01-24 12:22:28 -------- d-----w- C:\Program Files (x86)\readmes
2013-01-24 12:22:25 -------- d-----w- C:\Program Files (x86)\share
2013-01-24 12:22:25 -------- d-----w- C:\Program Files (x86)\program
2013-01-24 12:22:25 -------- d-----w- C:\Program Files (x86)\Basis
2013-01-24 12:09:29 -------- d-----w- C:\Users\jeen\AppData\Local\Secunia PSI
2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
==================== Find3M  ====================
.
2013-02-09 22:17:57 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-09 22:17:57 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-08 03:23:31 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 03:23:31 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-05 17:22:08 50800 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-28 02:04:46 1901 ----a-w- C:\Windows\panose.bin
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 15:52:17.23 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/30/2010 5:24:26 PM
System Uptime: 2/14/2013 3:31:13 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P55A-UD3P
Processor: Intel® Core™ i5 CPU         750  @ 2.67GHz | Socket 1156 | 2661/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 499 GiB total, 416.797 GiB free.
D: is Removable
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 146 GiB total, 146.18 GiB free.
L: is FIXED (NTFS) - 146 GiB total, 116.765 GiB free.
M: is FIXED (NTFS) - 146 GiB total, 135.365 GiB free.
N: is FIXED (NTFS) - 157 GiB total, 152.63 GiB free.
O: is Removable
P: is FIXED (NTFS) - 98 GiB total, 97.355 GiB free.
R: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3528: 2/9/2013 5:04:59 PM - Automatic creation
RP3532: 2/10/2013 2:00:11 AM - Automatic creation
RP3548: 2/11/2013 7:37:57 AM - Automatic creation
RP3552: 2/12/2013 2:00:12 AM - Automatic creation
RP3554: 2/13/2013 2:00:12 AM - Automatic creation
RP3569: 2/14/2013 6:30:30 AM - Automatic creation
.
==== Installed Programs ======================
.
.
==== End Of File ===========================



#14 sleepyjeen

Posted 14 February 2013 - 04:55 PM

Hopefully, I am doing things correctly for you. Here is a chuckle for you. My children and grandchildren come to me for computer help. Scary, huh??



#15 sleepyjeen

Posted 14 February 2013 - 04:57 PM

There is also an icon named MBR.dat which will not open.  Should I leave that as well?





