
Blank Screen, Generic24.CJRC, Win32.Powerspy.af, Fraudyoutube.prx, HEL


  • This topic is locked

#16
kamots22

  • Topic Starter
  • Member
  • 35 posts
Well....I tried loading Combofix. I downloaded it to my desktop and double clicked on it after
checking to make sure virus software was not running. It loads, gets about 95% across the green
bar and then hangs.

The text in the window says "Output folder" so is it actually running? and just putting data in a folder?

I woke to a blue screen this morning. System_Service_Exception Stop: 0x0000003B :)
  • 0



#17
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

No, it doesn't appear that it ran through its scan successfully.

Can you try running ComboFix in Safe Mode w/ Networking or Safe Mode and see if it will run for you there?
  • 0

#18
kamots22

  • Topic Starter
  • Member
  • 35 posts
Well Sweet.....I've tried running Combofix in normal, safe, safe with network and it always hangs near the end.
I've also made sure I was running it as administrator.

I've been working on making sure everything was backed up and I'm finding that it won't allow me access to some of my
folders on the USB hard drive. I'm trying to change that with advanced security settings but so far no luck.

I don't know what the heck is goin on. It's still running very slow, then it will work for a little bit, then be slow again.
You don't think this could be a hardware issue do you? I did run 2 diff versions of mem test before. I think I told you
that in the beginning.

This is really startin to wear me down.... :)
  • 0

#19
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. Thanks for that additional information. I know this can be extremely frustrating and tiring, don't forget we are in this together! I've been in your shoes before, so I know exactly how you are feeling right now.

You said that it won't allow you access to some folders. What exactly happens when you attempt to access them?

I'd like to have you run a rootkit scanner for me, that will hopefully provide me with some additional information on what else may be going on with your computer.

Please attempt to run this utility:


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSOD, uncheck Devices on the right side before scanning.

  • 0

#20
kamots22

  • Topic Starter
  • Member
  • 35 posts
I ran the GMER software. Problem is, nothing was checked when it started except from Services on down. The other items are greyed out....I'm guessing because I'm in safe mode? I will try to load windows normally and run it again but for now, it came up at the end of the scan saying "GMER did not find any modifications" I tried to Save the file, but there was nothing on the screen to save and I'm not sure where it was saving to.

Oddly enough, when I was rebooting the system into safe mode, it rebooted several times. Then when it finally came up, my Logitech mouse that has not been working, is now working. I've been using a wireless HP mouse that has continued to work throughout. Now they both work. Not sure if that has to do with anything at all, but I thought I'd throw it out there....

Thanks for sticking with me on this.....greatly appreciated!

Ps.....forgot to answer your question on trying to access some folders. It says "Location is not available - Access is Denied"

Edited by kamots22, 16 October 2011 - 04:07 PM.

  • 0

#21
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!


Thanks for sticking with me on this.....greatly appreciated!

You're more than welcome!! :)


I ran the GMER software. Problem is, nothing was checked when it started except from Services on down. The other items are greyed out....I'm guessing because I'm in safe mode? I will try to load windows normally and run it again but for now, it came up at the end of the scan saying "GMER did not find any modifications" I tried to Save the file, but there was nothing on the screen to save and I'm not sure where it was saving to.

Were you able to attempt to boot up Normally and run it there?


Oddly enough, when I was rebooting the system into safe mode, it rebooted several times. Then when it finally came up, my Logitech mouse that has not been working, is now working. I've been using a wireless HP mouse that has continued to work throughout. Now they both work. Not sure if that has to do with anything at all, but I thought I'd throw it out there....

That's definitely interesting.


Ps.....forgot to answer your question on trying to access some folders. It says "Location is not available - Access is Denied"

Out of curiosity if you boot up into OTLPE, are you able to access those folders?
  • 0

#22
kamots22

  • Topic Starter
  • Member
  • 35 posts
Hi ST...

Here's the current status...

The PC boots in normal mode but hangs after running some of the startup items. In other words, I can't do
much of anything in normal mode now.

I can boot to safe mode with networking, but gmer gives me the same results - nothing has been changed. And combofix will not run....hangs towards the end.

I loaded the Reatogo desktop and I'm still unable to access the "documents & settings" folder. And the folders on my USB drive that I was trying to access simply don't appear to be there. [I had tried to do a fresh windows install on this drive [unsuccessfully] back when this first happened] Thinking I could just move the data over to this drive in the event I could save the original drive. I was trying to delete that 'windows' folder as it was taking up space I could use. There were also some old back up folders I was trying to delete but they don't show up in the desktop. They all show up when I'm in safe mode or normal mode.

Additional note: Windows security center is turned off. I tried to turn it back on but was unable to. I found this when I was checking to see if any antivirus software was running so I could run the GMER software.

I also tried to run MSCONFIG to stop some of the items I have running on Startup but it gave the error "MSCONFIG.MSU is not a windows program." I'm not sure if this is because I was in safe mode or because I'm running a 64bit system and it's a 32bit program. The items I have running on startup are Synergy [for sharing mouse & keyboard with MAC - this is now stopped] Taskeng.exe, running for the program synctoy to synchronize folders with dropbox. I tried to access the "scheduler" that I used to set up taskeng and it gave me a similar error message. [can't remember exactly what it said but it would not let me access it]

I currently have the system in the Reatogo desktop as it seems to be the most stable. Awaiting further Agent ST instructions.... :)

Edited by kamots22, 18 October 2011 - 11:16 AM.

  • 0

#23
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay, thanks for that information.

It sounds like something really wacky is going on with your computer.

I'd like to have you boot up into Safe Mode w/ Networking and attempt to run this utility:

Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.


On completion of the scan click save log, save it to your desktop and post in your next reply

  • 0

#24
kamots22

  • Topic Starter
  • Member
  • 35 posts
Here's the latest...

Normal mode boots, but as soon as I click on anything, I get the swirling circle and the PC hangs for hours.

Booted into safe mode....several times it rebooted before finally coming up.

Ran the scan....part way thru it hangs or seems to, and then blue screen. First one said "Bad Pool Header"
One of the items in the scan was yellow or orange and said:
"Service GMSIPCI D:\install\gmsipci.sys *locked* 21"
It went past that and continued to scan, but continues to give me a blue screen.
Last scan hung on "C:\programdata\sectaskman\companioncore.dll q-quarantine_2570186_9"

Tried safe mode only....automatically went into Startup repair.

Could I be fighting two things like a bad ram chip plus the malware/virus? If so, I could try one chip at a time and see if I get it to boot correctly to run the scan. I have 8gb of ram in 4 - 2gb chips.
  • 0

#25
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening kamots22!

Apologies for not responding to your thread earlier, but I wanted to consult with a colleague of mine to see what the best avenue for us to take is.

I am currently in the process of trying to put together some instructions for you.

While I was doing that I came across an entry in Start-Up that I wanted to get clarification on from you.

Do you recognize the following?

H:\Program Files (x86)\U-Clean\Hd.cmd
  • 0



#26
kamots22

  • Topic Starter
  • Member
  • 35 posts
Yes I do I think...lol

U-clean is a registry cleaner and temp file cleaner. Not sure why it's running in the startup though....
It's just a little executable that you run when you feel like it. Again, I tried to run the msconfig file and
got yet another error.

Take your time...I will patiently await your next instructions.
Dynamite sounds good about now... :)
  • 0

#27
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay.

There should be a work around for the MSConfig issue.

Do you plan on keeping the PC Tools utilities? If not, can you attempt to remove them now?

Edited by SweetTech, 19 October 2011 - 10:23 PM.

  • 0

#28
kamots22

  • Topic Starter
  • Member
  • 35 posts
Done....

While uninstalling PC tools, I ran across some things I didn't recognize in the control panel software uninstaller.

"Juniper Network Host Checker"
"Juniper Networks Setup Client"
"FARO LS 1.1.406.58" by Faro scanner Production
"Microsoft Silverlight" I recognize it, but it says it was installed on the 18th....I didn't install it...

There is also a software running from my ISP - HiWired is the creator, Windstream Servicepoint & PC Check & Connect.
I installed that because back in May I was having connection problems with our internet. It ran for quite a while without
there being a problem. Just thought you should know....

This is interesting...{attached}
Screen shot 2011-10-20 at 1.09.40 AM.png

I did some other screen shots while trying to scan the system before it crashed....thought they might be somewhat helpful....or not.

Scan 1.png

scan 5.png

it hung on programdata\microsoft\windows defender\definitions\{6c346DE8.....
and I could no longer send emails [that's how I was getting the screen caps to my imac]....

Edited by kamots22, 20 October 2011 - 12:03 AM.

  • 0

#29
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for that information.

I am going to need to do some research on those programs you mentioned.

Please try booting up and running this fix. If it doesn't work in Normal mode, boot up into Safe Mode and try running it there.


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/10/03 19:40:54 | 001,182,680 | ---- | C] (PC Tools) -- C:\Windows\is-CAMTS.exe
    [2011/10/01 21:46:10 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Registry Mechanic
    [2011/10/01 20:59:35 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit
    [2011/10/01 20:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
    [2011/10/01 20:38:15 | 000,189,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDSMon.sys
    [2011/10/01 20:38:15 | 000,162,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDMDefrag.sys
    [2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
    [2011/10/01 20:38:09 | 000,000,000 | ---D | C] -- c:\Program Files (x86)\PC Tools Utilities
    [2011/10/01 14:09:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PCToolsFirewallPlus
    [2011/10/01 14:09:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Spam Monitor
    [2011/10/01 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Threat Expert
    [2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1052.old
    [2011/09/30 17:51:26 | 002,189,264 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1027.old
    [2011/09/30 17:51:26 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll1000.old
    [2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1052.old
    [2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1027.old
    [2011/09/30 17:51:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll1000.old
    [2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
    [2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\PC Tools
    [2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/09/30 17:09:07 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\PC Tools
    [2011/10/03 19:40:54 | 001,182,680 | ---- | M] (PC Tools) -- C:\Windows\is-CAMTS.exe
    [2011/10/03 19:40:54 | 000,021,031 | ---- | M] () -- C:\Windows\is-CAMTS.msg
    [2011/10/03 19:40:54 | 000,000,284 | ---- | M] () -- C:\Windows\is-CAMTS.lst
    [2011/10/01 20:38:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities
    [2011/10/03 19:40:54 | 000,021,031 | ---- | C] () -- C:\Windows\is-CAMTS.msg
    [2011/10/03 19:40:54 | 000,000,284 | ---- | C] () -- C:\Windows\is-CAMTS.lst
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    dir /s /a "C:\d4f14e97366c60bd3caabb9ca8" /c
    dir /s /a "C:\2607f8a13b7c9fa9aa66e8ab31632f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0
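
A pre-flight check for a fix script shaped like the one in post #29, as an added example (not part of the thread and not OTL's own code): it flags targets listed more than once, which can only come back as "not found" on the second pass, the way C:\Windows\is-CAMTS.exe does in the log in the next post, and :Files commands with an unbalanced double quote. The function names are hypothetical, the sample is constructed from lines of the post, and treating System32 and SysWow64 as one folder assumes the tool runs as a 32-bit process on 64-bit Windows.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened script built from lines of the post above.
SAMPLE_SCRIPT = r'''
:Services
:Processes
KILLALLPROCESSES
:OTL
[2011/10/03 19:40:54 | 001,182,680 | ---- | C] (PC Tools) -- C:\Windows\is-CAMTS.exe
[2011/10/01 20:38:15 | 000,162,328 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTDMDefrag.sys
[2011/10/01 20:38:15 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
[2011/10/03 19:40:54 | 001,182,680 | ---- | M] (PC Tools) -- C:\Windows\is-CAMTS.exe
:Reg
:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
dir /s /a "C:\d4f14e97366c60bd3caabb9ca8" /c
dir /s /a "C:\2607f8a13b7c9fa9aa66e8ab31632f /c
ipconfig /flushdns /c
:Commands
[emptytemp]
'''

# "[date time | size | attrs | C or M] (vendor) -- path"; the vendor part is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] (?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^:(\w+)$")


def split_sections(script):
    """Group the script's non-blank lines under their ':Name' section header."""
    sections, current = defaultdict(list), None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current]  # register the section even if it stays empty
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def canonical(path, wow64_alias):
    """Case-insensitive key for a Windows path.

    Assumption: with wow64_alias=True the tool is a 32-bit process, so
    ...\\System32\\ and ...\\SysWow64\\ name the same folder for it.
    """
    key = path.lower().rstrip("\\")
    if wow64_alias:
        key = key.replace("\\system32\\", "\\syswow64\\")
    return key


def lint_fix_script(script, wow64_alias=True):
    """Return (kind, text, first_seen) findings for a fix script."""
    findings = []
    sections = split_sections(script)

    seen = {}
    for line in sections.get("OTL", []):
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # O16 and other entry types are not checked here
        key = canonical(entry["path"], wow64_alias)
        if key in seen:
            findings.append(("duplicate-target", entry["path"], seen[key]))
        else:
            seen[key] = entry["path"]

    for line in sections.get("Files", []):
        if line.count('"') % 2:  # odd number of quotes: one was never closed
            findings.append(("unbalanced-quote", line, None))
    return findings


if __name__ == "__main__":
    for kind, text, first in lint_fix_script(SAMPLE_SCRIPT):
        suffix = f"  (first listed as {first})" if first else ""
        print(f"{kind}: {text}{suffix}")
```
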

#30
kamots22

  • Topic Starter
  • Member
  • 35 posts
Good Evening Sweet!
Here's my progress for the day... :)

Trying to run fix and getting the error:
OTL.exe No Disk
There is no disk in the drive. Please insert a disk into the drive \device\harddisk3\dr3.


After clicking 'continue', it went ahead and emptied the temp folders and asked for reboot.

The PC rebooted in normal mode and OTL asked to be started.
Log file displayed, PC froze. From here, everything was run in Safe Mode with Networking


Here's the log file from the Run Fix:

All processes killed :yes:

========== SERVICES/DRIVERS ==========

========== PROCESSES ==========

========== OTL ==========

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

C:\Windows\is-CAMTS.exe moved successfully.

C:\Users\admin\AppData\Roaming\Registry Mechanic folder moved successfully.

C:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit\log folder moved successfully.

C:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit\Health folder moved successfully.

C:\Users\admin\AppData\Roaming\PC Tools Performance Toolkit folder moved successfully.

Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities\ not found.

File C:\Windows\System32\drivers\PCTDSMon.sys not found.

C:\Windows\SysWOW64\drivers\PCTDMDefrag.sys moved successfully.

File C:\Windows\SysWow64\drivers\PCTDMDefrag.sys not found.

Folder c:\Program Files (x86)\PC Tools Utilities\ not found.

C:\Users\admin\AppData\Roaming\PCToolsFirewallPlus folder moved successfully.

C:\Users\admin\AppData\Roaming\Spam Monitor folder moved successfully.

C:\Users\admin\AppData\Local\Threat Expert\Browser Defender folder moved successfully.

C:\Users\admin\AppData\Local\Threat Expert folder moved successfully.

C:\Windows\PCTBDCore.dll1052.old moved successfully.

C:\Windows\PCTBDCore.dll1027.old moved successfully.

C:\Windows\PCTBDCore.dll1000.old moved successfully.

C:\Windows\SGDetectionTool.dll1052.old moved successfully.

C:\Windows\SGDetectionTool.dll1027.old moved successfully.

C:\Windows\SGDetectionTool.dll1000.old moved successfully.

C:\Program Files (x86)\Spyware Doctor\BDT\DRM folder moved successfully.

C:\Program Files (x86)\Spyware Doctor\BDT folder moved successfully.

C:\Program Files (x86)\Spyware Doctor folder moved successfully.

C:\Users\admin\AppData\Roaming\PC Tools\Spyware Doctor\quarantine folder moved successfully.

C:\Users\admin\AppData\Roaming\PC Tools\Spyware Doctor folder moved successfully.

C:\Users\admin\AppData\Roaming\PC Tools folder moved successfully.

Folder C:\ProgramData\PC Tools\ not found.

Folder H:\Program Files (x86)\Common Files\PC Tools\ not found.

File C:\Windows\is-CAMTS.exe not found.

C:\Windows\is-CAMTS.msg moved successfully.

C:\Windows\is-CAMTS.lst moved successfully.

Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Utilities\ not found.

File C:\Windows\is-CAMTS.msg not found.

File C:\Windows\is-CAMTS.lst not found.

========== REGISTRY ==========

========== FILES ==========

< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >

No captured output from command...

C:\Users\admin\Desktop\cmd.bat deleted successfully.

< dir /s /a "C:\d4f14e97366c60bd3caabb9ca8" /c >

No captured output from command...

C:\Users\admin\Desktop\cmd.bat deleted successfully.

< dir /s /a "C:\2607f8a13b7c9fa9aa66e8ab31632f /c >

No captured output from command...

C:\Users\admin\Desktop\cmd.bat deleted successfully.

< ipconfig /flushdns /c >

No captured output from command...

C:\Users\admin\Desktop\cmd.bat deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Error creating restore point.



[EMPTYTEMP]



User: admin

->Temp folder emptied: 248998658 bytes

->Temporary Internet Files folder emptied: 100760042 bytes

->Java cache emptied: 33306773 bytes

->FireFox cache emptied: 44452385 bytes

->Flash cache emptied: 69808 bytes



User: admin.sbd



User: All Users



User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes



User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes



User: Default.sbd



User: HP_ADMINISTRATOR



User: HP_ADMINISTRATOR.sbd



User: Public



User: Public.sbd



User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes



User: UpdatusUser.PDS-22

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes



%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 2035712 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 27043651 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes

RecycleBin emptied: 815 bytes



Total Files Cleaned = 436.00 mb





[EMPTYFLASH]



User: admin

->Flash cache emptied: 0 bytes



User: admin.sbd



User: All Users



User: Default

->Flash cache emptied: 0 bytes



User: Default User

->Flash cache emptied: 0 bytes



User: Default.sbd



User: HP_ADMINISTRATOR



User: HP_ADMINISTRATOR.sbd



User: Public



User: Public.sbd



User: UpdatusUser

->Flash cache emptied: 0 bytes



User: UpdatusUser.PDS-22

->Flash cache emptied: 0 bytes



Total Flash Files Cleaned = 0.00 mb





OTL by OldTimer - Version 3.2.29.1 log created on 10202011_173736



Files\Folders moved on Reboot...

C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.



Registry entries deleted on Reboot...

==========================================OTL.TXT File Below :)
OTL logfile created on: 10/20/2011 7:52:13 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\admin\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.11 Gb Available Physical Memory | 88.89% Memory free
16.00 Gb Paging File | 15.15 Gb Available in Paging File | 94.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 213.72 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
Drive J: | 1.88 Gb Total Space | 1.86 Gb Free Space | 98.58% Space Free | Partition Type: FAT
Drive O: | 967.22 Mb Total Space | 509.48 Mb Free Space | 52.68% Space Free | Partition Type: FAT

Computer Name: PDS-22 | User Name: admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/13 01:49:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2011/02/09 15:56:10 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Windstream\Servicepoint\ServicepointService.exe
PRC - [2008/09/21 20:24:44 | 000,443,128 | ---- | M] (HiWired Inc.) -- C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Desktop.exe
PRC - [2008/09/21 20:24:20 | 000,487,672 | ---- | M] (HiWired Inc.) -- C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Core.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/21 18:57:42 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011/05/04 20:01:07 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/05 16:39:26 | 001,012,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Synergy\synergys.exe -- (Synergy Server)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/07/09 12:37:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/09 15:56:10 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Windstream\Servicepoint\ServicepointService.exe -- (ServicepointService)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/22 11:17:06 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Photodex\CompuPicPro\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/21 20:24:20 | 000,487,672 | ---- | M] (HiWired Inc.) [Auto | Running] -- C:\Program Files (x86)\HiWired\PC Check & Connect\HiWired.Client.Core.exe -- (HiWiredCore)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/10/09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/05 00:57:34 | 000,075,088 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS -- (SafDskNT)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/06 14:30:06 | 000,227,328 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.12.3.49167
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledItems: {28FAD68E-4001-48d5-B994-68069F7CFB1D}:0.4.9
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.3.0.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.314

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Windstream\Servicepoint\nprpspa.dll (Windstream)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/04 13:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/12 13:57:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/04 13:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2010/11/22 06:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/11/22 08:51:58 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/22 08:51:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] ("AmazonAssist") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2010/11/22 08:51:56 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2011/10/13 01:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/29 16:09:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/17 00:41:08 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/06/17 11:44:19 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2011/03/20 18:45:27 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011/10/04 14:31:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/09/10 13:45:05 | 000,000,000 | ---D | M] (Showcase) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2011/08/22 14:15:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/27 16:59:21 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/06/17 11:44:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/10 13:10:31 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/10/04 13:44:42 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2010/11/22 08:54:01 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\[email protected]
[2011/05/23 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009/09/16 20:55:58 | 000,000,945 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\t5vxif08.default\searchplugins\youtube-video-search.xml
[2011/10/04 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/17 23:49:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/27 12:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T5VXIF08.DEFAULT\EXTENSIONS\[email protected]
[2011/09/29 03:10:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/12 13:57:49 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 21:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/20 17:39:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [HD] C:\Program Files (x86)\U-Clean\Hd.cmd ()
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3997780417-557740596-1451147213-1000\..Trusted Domains: millenniumchem.com ([remote] https in Trusted sites)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5A13609-2F3F-4776-9A2A-FFEB9249C421}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5A13609-2F3F-4776-9A2A-FFEB9249C421}: NameServer = 207.69.188.187,207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F881E23F-8C50-4F0A-8D6F-CF5F8F68BFF9}: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 16:34:34 | 000,000,101 | ---- | M] () - O:\Autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/18 23:57:22 | 000,000,000 | -HSD | C] -- C:\found.009
[2011/10/18 22:42:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/18 22:42:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/18 22:42:08 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/18 22:42:08 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/18 22:42:06 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/18 22:42:06 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/18 22:42:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/18 22:42:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/18 22:42:05 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/18 16:39:51 | 000,000,000 | -HSD | C] -- C:\found.008
[2011/10/17 17:50:20 | 000,000,000 | -HSD | C] -- C:\found.007
[2011/10/14 17:52:16 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/14 17:52:16 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/14 17:52:16 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/14 17:52:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/14 17:36:34 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/14 17:36:33 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/14 17:02:54 | 000,000,000 | -HSD | C] -- C:\found.006
[2011/10/13 21:43:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ASCOMP Software
[2011/10/13 21:43:00 | 001,242,552 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\SysWow64\NMSDVDXU.dll
[2011/10/13 15:22:24 | 000,000,000 | --SD | C] -- C:\32788R~1
[2011/10/12 14:02:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\webex
[2011/10/12 13:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2011/10/11 17:11:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 18:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2011/10/04 18:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2011/10/04 18:06:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/04 18:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/04 16:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/04 16:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/04 15:23:12 | 000,000,000 | ---D | C] -- C:\d4f14e97366c60bd3caabb9ca8
[2011/10/04 14:44:18 | 000,000,000 | ---D | C] -- C:\2607f8a13b7c9fa9aa66e8ab31632f
[2011/10/04 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/10/04 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/10/04 13:23:40 | 006,136,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/10/04 13:23:40 | 003,021,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/10/04 13:23:40 | 000,836,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011/10/04 13:23:40 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/10/04 13:23:40 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011/10/04 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/10/04 13:23:00 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/10/04 13:23:00 | 001,519,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2011/10/04 13:23:00 | 001,453,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2011/10/04 12:50:56 | 000,506,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvudisp.exe
[2011/10/04 12:50:03 | 000,506,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2011/10/03 20:59:27 | 000,000,000 | -HSD | C] -- C:\found.005
[2011/10/03 13:33:13 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/10/01 20:38:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2011/09/30 16:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/30 16:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2 C:\Users\admin\*.tmp files -> C:\Users\admin\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/20 18:13:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/20 18:13:15 | 2146,267,135 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 17:48:41 | 000,796,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/20 17:48:41 | 000,672,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/20 17:48:41 | 000,125,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/20 17:39:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/10/19 10:42:40 | 462,058,567 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/19 00:08:06 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 00:08:06 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/18 22:50:17 | 000,470,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/18 16:40:38 | 000,006,896 | ---- | M] () -- C:\bootsqm.dat
[2011/10/13 14:41:33 | 000,000,202 | -H-- | M] () -- C:\Windows\SysNative\Drawing1.dwl2
[2011/10/13 14:41:33 | 000,000,052 | -H-- | M] () -- C:\Windows\SysNative\Drawing1.dwl
[2011/10/04 18:01:03 | 000,006,785 | ---- | M] () -- C:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2011/10/04 16:21:07 | 000,001,288 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 13:51:40 | 000,002,120 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/10/04 13:50:12 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:44:52 | 000,002,052 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 13:24:30 | 001,742,966 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/10/04 12:33:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2011/09/30 17:47:39 | 000,003,384 | ---- | M] () -- C:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2 C:\Users\admin\*.tmp files -> C:\Users\admin\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/18 16:40:38 | 000,006,896 | ---- | C] () -- C:\bootsqm.dat
[2011/10/13 12:25:55 | 000,000,202 | -H-- | C] () -- C:\Windows\SysNative\Drawing1.dwl2
[2011/10/13 12:25:55 | 000,000,052 | -H-- | C] () -- C:\Windows\SysNative\Drawing1.dwl
[2011/10/04 16:21:07 | 000,001,288 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/04 13:50:11 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/10/04 13:50:11 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/10/04 13:42:11 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/04 13:42:11 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/04 12:50:56 | 001,732,608 | ---- | C] () -- C:\Windows\SysNative\msicpl.dll
[2011/10/04 12:50:56 | 000,052,072 | ---- | C] () -- C:\Windows\SysNative\startup.exe
[2011/10/04 12:50:56 | 000,009,939 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
[2011/10/04 12:33:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2011/10/01 13:24:46 | 001,742,966 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1052.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1027.old
[2011/09/30 17:51:26 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1000.old
[2011/09/30 17:47:38 | 000,003,384 | ---- | C] () -- C:\{FE78D6E4-9C9E-421F-946A-53FF7F174791}
[2011/09/30 17:09:12 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2011/08/11 04:08:18 | 000,004,096 | -H-- | C] () -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 22:56:19 | 000,002,073 | ---- | C] () -- C:\Windows\checkip.dat
[2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/07 08:03:38 | 000,302,592 | ---- | C] () -- C:\Windows\SysWow64\cmd.exe
[2011/07/07 08:02:59 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\msiexec.exe
[2011/07/07 08:02:54 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\msdmo.dll
[2011/07/01 06:31:55 | 000,159,741 | ---- | C] () -- C:\Windows\U-Clean Uninstaller.exe
[2011/05/28 09:36:14 | 000,159,609 | ---- | C] () -- C:\Windows\U-Surf Uninstaller.exe
[2011/05/19 22:10:38 | 000,001,940 | ---- | C] () -- C:\Users\admin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/04 20:48:18 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/04 19:53:52 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/17 08:46:20 | 000,000,760 | ---- | C] () -- C:\Users\admin\AppData\Roaming\setup_ldm.iss
[2011/04/15 21:16:59 | 000,007,631 | ---- | C] () -- C:\Users\admin\AppData\Local\resmon.resmoncfg
[2011/02/25 03:12:17 | 000,117,054 | ---- | C] () -- C:\Windows\CPICWPPR.DAT
[2011/01/10 17:01:00 | 000,006,785 | ---- | C] () -- C:\Users\admin\AppData\Roaming\PrimoPDFSet.xml
[2010/12/10 02:44:40 | 000,186,368 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 18:38:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/21 03:33:33 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/21 02:38:55 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/08/17 21:24:28 | 000,000,108 | RHS- | C] () -- C:\Windows\neoqaz2.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/07/15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >
=======================================================Extras.txt Below :)
OTL Extras logfile created on: 10/20/2011 7:52:13 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\admin\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.11 Gb Available Physical Memory | 88.89% Memory free
16.00 Gb Paging File | 15.15 Gb Available in Paging File | 94.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 213.72 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
Drive J: | 1.88 Gb Total Space | 1.86 Gb Free Space | 98.58% Space Free | Partition Type: FAT
Drive O: | 967.22 Mb Total Space | 509.48 Mb Free Space | 52.68% Space Free | Partition Type: FAT

Computer Name: PDS-22 | User Name: admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3997780417-557740596-1451147213-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack
"{295CE5B3-0010-1033-AC4D-42870D4020DC}" = Autodesk SketchBook Designer 2012 - English
"{295CE5B3-1292-49C2-AC4D-42870D4020DC}" = Autodesk SketchBook Designer 2012 - English
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BE91685-1632-47FC-B563-A8A542C6664C}" = Autodesk Network License Manager
"{536CE037-9381-4A3F-9B70-4E0523730123}" = Nitro PDF Reader 2
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9005-0409-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - English
"{5783F2D7-A005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2012
"{5783F2D7-A005-0409-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2012 Language Pack - English
"{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60F61A95-0010-1033-AC10-5CDDAEDE2DF7}" = Autodesk SketchBook Designer for AutoCAD 2012 - English
"{60F61A95-24DA-49B1-AC10-5CDDAEDE2DF7}" = Autodesk SketchBook Designer for AutoCAD 2012 - English
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{76D6189D-1664-0400-0000-DFC2EE337EAC}" = Autodesk Inventor View 2012
"{76D6189D-1664-0400-0001-DFC2EE337EAC}" = Autodesk Inventor View 2012 English Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8BF20445-0010-1033-853B-F016F3127FCD}" = Autodesk Showcase 2012 64-bit - English
"{8BF20445-58A5-4870-853B-F016F3127FCD}" = Autodesk Showcase 2012 64-bit - English
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CC7C5BA5-0010-1033-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
"{CC7C5BA5-09B5-428E-B966-42899C00BD23}" = Autodesk Mudbox 2012 64-bit - English
"{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D28EFBA5-1664-4B79-946A-000BE950E8E2}" = Quick Uninstall Tool for Autodesk Product Design Suite 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDD06F32-C9C8-429C-A7B0-915D8A5AD406}" = 64 Bit HP CIO Components Installer
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"AutoCAD Mechanical 2011 Version 2" = AutoCAD Mechanical 2011 Version 2
"AutoCAD Mechanical 2012" = AutoCAD Mechanical 2012
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Autodesk Inventor View 2012" = Autodesk Inventor View 2012 English
"Autodesk Mudbox 2012 64-bit - English" = Autodesk Mudbox 2012 64-bit - English
"Autodesk Showcase 2012 64-bit - English" = Autodesk Showcase 2012 64-bit - English
"Autodesk SketchBook Designer 2012 - English" = Autodesk SketchBook Designer 2012 - English
"Autodesk SketchBook Designer 2012 - English SP1" = Autodesk SketchBook Designer 2012 - English SP1
"Autodesk SketchBook Designer for AutoCAD 2012 - English" = Autodesk SketchBook Designer for AutoCAD 2012 - English
"DWG TrueView 2012" = DWG TrueView 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.22
"xplorer2p64" = xplorer² professional 64 bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DC9CFE8-E7FB-4D9B-99E6-2072994E8EFB}" = Wunderlist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28782E93-6811-44FC-AD36-B4FB75E86CAB}" = One-Click Export
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34770A96-B7B2-4436-A50F-F783BF6F30AC}" = EasyScreenCaptureVideo
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77EC0381-5ACA-456D-B578-8FA5D1435758}" = Merge Tables Wizard for Microsoft Excel
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AD9E6AC8-27B4-326A-69D1-C8A3549DAC22}" = Bamboo Dock
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D3809427-A155-4008-A8EC-3943B498A974}" = PC Check & Connect
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
"CompuPic Pro" = CompuPic Pro
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader 5.0
"HiWiredClient" = PC Check & Connect
"IrfanView" = IrfanView (remove only)
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Mozilla Firefox 7.0.1 (x86 en-ZA)" = Mozilla Firefox 7.0.1 (x86 en-ZA)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF4.1.0.9" = PrimoPDF
"RadialpointClientGateway_is1" = Windstream Servicepoint 3.7.47
"RocketDock_is1" = RocketDock 1.3.5
"SafeHouseExplorer" = SafeHouse Explorer 3.00
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Synergy" = Synergy
"U-Clean" = U-Clean
"U-Surf" = U-Surf
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3997780417-557740596-1451147213-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >