
Win32/Alureon.FE



#1
Brad Thomas

My computer was attacked by Win32/Alureon.FE on 23 Oct. With MSE, SUPERAntiSpyware, Malwarebytes, etc., I thought it was removed. Today when I booted the computer I now have an icon on the desktop from bandoo.com, and I also had favorites in IE for Yahoo and eBay that I didn't put there.


OTL logfile created on: 11/4/2011 10:45:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jbradthomas\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 42.19% Memory free
12.20 Gb Paging File | 9.71 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 347.54 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 8.01 Gb Free Space | 51.56% Space Free | Partition Type: NTFS

Computer Name: BRADSPC | User Name: Jbradthomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/04 10:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
PRC - [2011/10/09 20:33:21 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2004/07/21 16:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/03/16 08:37:32 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/13 18:42:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 12:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/14 20:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/20 07:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 16:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/16 08:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S5500(UVC)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/06/10 15:46:04 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/12/17 01:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/01 00:17:40 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/16 08:48:25 | 000,324,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/03/16 08:37:38 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/16 08:37:37 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/16 08:37:37 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/03/16 08:37:34 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/03/16 08:37:32 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/01/20 21:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 21:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/03/08 17:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 21:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2011/10/23 09:07:00 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/23 09:07:00 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/10/23 09:07:00 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...M=FX4710-UB003A

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 CD AA CD A3 98 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 11:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/31 12:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/31 12:10:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 11:39:06 | 000,000,000 | ---D | M]

[2008/10/06 03:24:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Extensions
[2011/10/31 12:08:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions
[2011/09/21 11:09:05 | 000,000,000 | -H-D | M] (Coupons.com Community Toolbar) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/07/07 10:17:58 | 000,000,925 | -H-- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\conduit.xml
[2008/12/09 07:07:30 | 000,002,354 | -H-- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-live-search.xml
[2010/08/28 06:58:15 | 000,002,037 | -H-- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-toolbar.xml
[2011/10/31 12:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 22:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/18 11:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/18 11:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/07/13 16:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 16:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Coupons.com = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb\2.2.0.5_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B8252B0-298D-434D-B8D5-EF912D57701C}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 09:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 10:42:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/10/31 10:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\jZip
[2011/10/31 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
[2011/10/31 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers
[2011/10/31 10:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011/10/31 10:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2011/10/25 22:51:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/25 22:51:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/25 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B6228F80-8380-4B25-A0EB-6B87CC6038CE}
[2011/10/25 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{715D5497-7787-4939-81A0-2D9CBD758371}
[2011/10/25 09:51:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\Tracing
[2011/10/24 16:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/24 10:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/24 09:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/24 09:21:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/24 08:25:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{54697B44-1C82-4FEE-8164-95082EE514EF}
[2011/10/24 08:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5B1061DF-0384-4BF9-8C08-79AC128CAF25}
[2011/10/24 08:25:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9EF531E7-84A4-4F79-A823-312239D69117}
[2011/10/24 08:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ED97F054-99DE-4FA4-AC96-2D738FD027D8}
[2011/10/23 22:47:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/23 21:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Malwarebytes
[2011/10/23 21:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 21:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 21:27:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/23 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 21:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/23 21:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/23 20:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F8F0E839-1A07-4C45-BCC8-2BC570BD7066}
[2011/10/23 20:24:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{22AA5ED2-7A03-4B4D-A098-61B5AE8A23FF}
[2011/10/23 08:32:46 | 000,000,000 | -H-D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/13 17:23:41 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2011/10/13 17:20:36 | 000,000,000 | -H-D | C] -- C:\Users\Jbradthomas\Documents\Downloaded Installations
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 10:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/11/04 10:22:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004UA.job
[2011/11/04 10:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/04 09:16:31 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 09:16:31 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 08:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004Core.job
[2011/11/03 18:30:15 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/03 18:30:15 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/03 18:30:15 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/03 15:19:46 | 000,000,990 | -H-- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (4).lnk
[2011/11/03 15:16:49 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/03 15:16:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/03 15:16:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/03 15:16:23 | 2145,574,911 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 10:32:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/01 07:40:34 | 000,000,990 | -H-- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/10/31 12:16:13 | 000,000,990 | -H-- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/10/31 12:10:15 | 000,000,923 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 12:10:15 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 10:24:39 | 000,000,133 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/10/31 10:24:37 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/31 10:24:37 | 000,000,769 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/10/27 19:24:47 | 000,002,083 | -H-- | M] () -- C:\Users\Jbradthomas\Desktop\Google Chrome.lnk
[2011/10/26 15:29:11 | 000,025,172 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 13:34:29 | 000,004,032 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/24 10:05:54 | 000,001,939 | ---- | M] () -- C:\Users\Jbradthomas\Desktop\HiJackThis.lnk
[2011/10/24 08:04:23 | 000,001,102 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 08:04:04 | 000,000,990 | -H-- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 21:27:47 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 21:02:26 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 20:47:04 | 000,000,732 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/10/23 20:14:58 | 000,001,356 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2011/10/18 17:11:19 | 000,388,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 15:19:46 | 000,000,990 | -H-- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (4).lnk
[2011/11/01 07:40:34 | 000,000,990 | -H-- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (3).lnk
[2011/10/31 12:16:13 | 000,000,990 | -H-- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/10/31 12:10:15 | 000,000,923 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 12:10:15 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 12:10:14 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 10:24:39 | 000,000,133 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/10/31 10:24:37 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/31 10:24:37 | 000,000,769 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/10/26 15:29:00 | 000,025,172 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 13:34:12 | 000,004,032 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/25 09:49:26 | 2145,574,911 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 09:21:55 | 000,001,939 | ---- | C] () -- C:\Users\Jbradthomas\Desktop\HiJackThis.lnk
[2011/10/24 08:04:23 | 000,001,102 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 08:04:04 | 000,000,990 | -H-- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 21:27:47 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 21:02:26 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 20:47:04 | 000,000,732 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/06/19 16:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2011/02/08 22:46:00 | 000,165,018 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/02/08 22:46:00 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/26 15:30:24 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/13 11:38:52 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/10 19:33:43 | 000,077,381 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/04 08:19:33 | 000,000,228 | ---- | C] () -- C:\Windows\DC_Manager.ini
[2009/12/20 17:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/20 12:17:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/09/09 15:50:18 | 000,002,348 | -H-- | C] () -- C:\Users\Jbradthomas\AppData\Roaming\wklnhst.dat
[2009/07/16 12:55:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/16 12:54:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/16 12:54:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/05 13:31:17 | 000,001,356 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2009/04/30 16:32:00 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/30 16:32:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/18 07:15:37 | 000,000,079 | ---- | C] () -- C:\Windows\GSAK.INI
[2008/12/23 09:59:50 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2008/12/08 20:32:10 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/08 20:32:10 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/10/29 19:46:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/12 03:46:16 | 000,164,341 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/10/12 03:46:16 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/10/05 20:43:20 | 000,008,192 | -H-- | C] () -- C:\Users\Jbradthomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 18:53:38 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/10/05 15:58:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/04/09 16:10:19 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\Windows\SysWow64\pcpbios.exe
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== LOP Check ==========

[2008/12/08 20:44:44 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\agi
[2008/10/25 20:46:26 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Ashampoo
[2009/12/24 08:18:28 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Autodesk
[2011/04/19 06:06:34 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Catalina Marketing Corp
[2009/01/18 07:16:09 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\EurekaLog
[2008/12/21 07:41:19 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\GARMIN
[2010/10/21 19:05:01 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\gtk-2.0
[2009/12/20 07:54:52 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\hIq Inc
[2008/11/21 19:06:43 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\ICAClient
[2010/02/04 15:04:32 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IMSIDesign
[2011/09/17 17:06:13 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IObit
[2009/05/15 13:40:34 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\iolo
[2010/03/13 11:22:53 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IrfanView
[2010/02/16 16:42:45 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\KoshyJohn.com
[2009/04/26 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Leadertech
[2008/12/08 13:55:46 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Masque
[2010/09/27 12:11:49 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\SampleView
[2011/09/19 17:10:18 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Teleca
[2009/09/09 15:50:20 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Template
[2010/11/01 12:21:11 | 000,000,000 | -H-D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Windows Live Writer
[2011/11/01 10:32:43 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:BF98CBAF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5F64C164
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B0832161

< End of report >





OTL Extras logfile created on: 11/4/2011 10:45:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jbradthomas\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 42.19% Memory free
12.20 Gb Paging File | 9.71 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 347.54 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 8.01 Gb Free Space | 51.56% Space Free | Partition Type: NTFS

Computer Name: BRADSPC | User Name: Jbradthomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 74 8F FE 04 52 06 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0254408F-80F0-47C0-AC6C-46C820969D1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{07B95DEB-6370-4836-81A2-652DB087E025}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0FB33BAB-A9E9-4742-B3C4-1A048FC55856}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0FFBBF0A-0AD8-4570-85C4-50E146AFE3DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{1122D6AF-AB21-470B-9063-EABAB8FE29F6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{15C16543-2040-43B1-B624-D487632E73E0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{183CB412-0D95-4F93-AED6-A711C4004531}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{1C6F9091-9531-4A14-8003-655146F2E37C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1F471E53-B35B-4B36-96FE-C532C823472E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21CE91C9-EB69-4942-AFA8-73A53DB18570}" = rport=138 | protocol=17 | dir=out | app=system |
"{283F1125-E2AD-49C2-9B06-2023104CCCF4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2BA5BFC1-7B4B-4F5F-A596-0CABE6CE2E4A}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{33811702-B724-4FEE-8167-6F2CB4CF6408}" = rport=139 | protocol=6 | dir=out | app=system |
"{3D53611E-FE95-4387-9FA3-73762BC39426}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49E3E4D7-E6A0-4FC9-83DB-AE5048591D54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4AF70B34-581B-412B-ABDC-71AE9630D300}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4CB4DCA0-384A-49D2-9E95-B2B63BBA7D66}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{50EC7FC3-0727-4F5D-B1F0-085A62D773CB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5B7292BC-985B-4938-9972-95087C1AFE1C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5B7A364A-492E-435E-B9FA-82C501AAB68F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{632138CF-4C4A-4AB7-9779-3BDB6DFE87CD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6350F6DC-9D52-47E6-B84A-B0076BA6315D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{6578E40F-55D9-453C-8609-B32573A515C1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{667111B1-F3C0-412D-8A93-6D4B59D96D27}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{708A0880-8D06-4590-AED3-E59D28DEAAC1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7A85E833-B929-4AF8-918E-EB24D25192A2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{88BFB0C2-B79D-49B5-A432-6B6868D5EB7B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8BB9F230-6C47-4DC2-A057-C815080C3946}" = rport=137 | protocol=17 | dir=out | app=system |
"{912C8253-DEA2-4C18-A732-426B7473D5F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{9257AE09-C60F-4F72-ABBB-1F62715CE3B7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{992FCA13-8D6D-4972-863A-45CD66A545B8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F15A5C2-2AB4-4D1F-B80D-EC9E07241A37}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A1ECDFC9-5F69-4446-A74B-EC4FBE6931F7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A3294B77-ABF3-423E-9629-A7B99E7BF73B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A62672AB-0DFC-40F6-80AE-FCB3F4A83736}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B13F8865-99E4-4790-8215-74872A4BEA84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BBD27E77-1A81-4FC3-84DF-4B40050C4B37}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{C1E5D482-47C5-4AB3-A8E4-BA59D89621AB}" = lport=137 | protocol=17 | dir=in | app=system |
"{C67537BE-9FB1-49C8-82E8-1DD621C8C28F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CB3B85B7-5F6F-432A-A86C-D19A6377F20B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CCAE77F9-3560-4215-B50F-2516612A8A77}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D3DD493A-BEEA-4472-B28F-969B8101570B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D58A4BF7-D1F8-49D3-904B-2C11A57F731F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6567C79-CDF3-4E8D-A9D2-ED8AC171CD5A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E19670B6-3099-42C5-AF42-3C5E3B8FF730}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E2298996-DEC5-467A-80DF-11BC3EDB9F21}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E69936A4-C2E8-4BCA-A180-52BC9853F6E7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E969B843-9D1C-4E5A-97D4-001A0E2436FC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{EA56C5AC-4A30-43AE-9652-38450F15B40D}" = lport=445 | protocol=6 | dir=in | app=system |
"{ECDAA089-29BA-4B28-A96B-B6DE908F491C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F0BF6342-857F-45B7-A6E5-B3C334E95F3A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F320485E-0008-4153-BE2F-ADE3A7A9EF14}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FB1012E3-ADCB-45C3-8791-C71E93605B66}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0093F028-C15A-4976-B499-442CF5113C44}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{04D8ECFB-7695-4A18-AFEE-6FACBBAE93C1}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0B211EF3-CA8A-401C-82C0-1563FC39C238}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C916CBD-43E8-4D4F-BBC9-118331C0450F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0DAC8815-8C32-4613-85EE-79AAD8BA59A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0DDF9F0D-62A7-4DF7-A853-FEA4AE318102}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0EC70995-E0BE-43F2-B300-761D7D3BA444}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0EED8DEB-59D6-4E4E-B892-F0877CFFC2F1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0F74D088-D31C-4117-8A2C-A7959C6A787C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0F92997E-152D-4C00-B89E-C4AF2331091E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0FCEE80C-8B27-4713-BB2D-A236D11AA575}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{116082A3-17EB-4DA2-B4F5-AC812A96A7E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{125D1B65-9B3B-4238-AF32-B1EC7956545B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{14808536-9E80-40BC-A072-163C1EFA1BD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19BFE0ED-D542-462B-9FF0-FA80FDF8E4A6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A91B569-A7B9-436E-B05D-A6A247344548}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{1AB47B4C-EBD1-47D0-95FE-7496B2EDB165}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{222DAE4C-A54A-4B28-961F-2842D1422FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2236AEC6-366C-4916-BEB9-EC5B76F69A1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2453BF53-225D-42AB-A789-6CAF9CA833EE}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{24D62525-476C-4BCD-BB37-E27C094B70B8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{26784606-F773-4256-85A1-A5E9EF631C49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A02DAB4-8773-4225-82F5-E6184192C498}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2B098841-C558-482C-9012-411C3F5CDBDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{2B8C0798-21E9-48F6-A0C7-0EFC19A8D84D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2D9C35A6-F0FE-4F37-9B42-72A6C2010151}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3059F51E-4E8E-4A98-8650-AFB1C75FD7A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{30BF6859-8441-4AFE-A2EC-98D536E8C2B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{310CA76B-8A4D-490E-8C3B-66D32B1DB443}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{31C1FFE8-C1CE-42AA-A27A-A89921D6F471}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3392DA0A-B05F-40F5-8EA0-DAE1916736B0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{39313D4A-97CF-4B9D-850C-7AD06EEDF031}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{39E7D209-9431-40CF-8EBD-7FD00B559238}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3BD6FDF0-BA10-4ADD-A95B-D7110C444857}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E5B6F51-A5A5-4B86-9FEF-A5FFE4D58857}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3E75EBA3-EE8E-4EDA-B596-DCAF9FEA8803}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F46D016-2F5A-419D-9F52-B568CBE4456A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3F730694-5E36-4572-ABA3-87F75F8BFF23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3FA20CB3-A74B-42D9-8241-CFBDAA3AD8C3}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{4084B03A-3D5D-4EC5-8A0F-E50BBF3EBE92}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4137FD71-904C-48D0-9987-277415B3E121}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41ED5DC6-3384-4C1D-8077-F0AE0C9A008D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4215F270-248C-4059-8A91-E47FA054EC3F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{44B422D9-8EAF-43E0-8826-1F6822415D61}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{45800BC7-C930-4E80-BF6F-1AB1FA223232}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{48330EEB-012D-479C-B5D0-998C56674DD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{49C2BAC8-DACB-41ED-A78F-9B67914D0080}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{4A698773-0D4A-40C8-88CA-BC07AFA1E718}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B589239-DE24-4547-8548-C4FB9A34C6FB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4C5CBC63-333E-452C-B3EE-874A0347C928}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4DCE1FC3-EE1C-4B75-AA5A-58672B12C8FD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{50E3FBFB-8E13-4A8F-A231-9C73B13D3C89}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5303AD08-6726-4816-BE1B-9B6A651B6524}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54025732-BA59-405F-AB5C-49AF3B54C472}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{54309E54-718B-444A-9D5C-FA50F57E2A0A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{54EDE2A8-EEBE-4D30-90BE-8C2B9FABB255}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{56828162-EDF7-46DD-BFFE-9417F589157C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CC0864F-F7CD-4095-8676-A18E68D00C0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CF02270-71F6-4D4A-AD57-DEFECFD79BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\ttax.exe |
"{5DFF3384-B76A-4005-9B33-3AB517535C73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E5C436D-11AB-4F76-92BC-43FC72146D13}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F0F9702-4B78-4AC5-936B-D44EC5C0E7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{600CF0DD-A4CF-4168-91BD-11472FFC6DE1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{60FCE7DC-B76A-40BB-B173-4A8490D754B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{611D0FE4-B549-4886-BE7B-315DE2743AA3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{66066F9E-AD56-46F0-AE21-5EB43B1FD308}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{66D8687B-2C74-4B76-9BC1-5D714C2456FA}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{691CCC88-0FA4-400A-9BE7-98C23814311A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6AF483BB-2C55-4990-93A6-457A91F02F01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6B37BA2E-161F-4379-B112-8B018A1217A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6BB5F6D3-18DA-4929-B4AA-7E006690E5FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6BD6FDCA-F7CE-4810-8769-3EACDDF0C72A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6D264010-EA81-43AB-931C-6010FFFFF6A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6E22EF32-9830-4DC7-BA5C-C5D14A0A511F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{700F6491-5241-4FF0-B006-5B049114DBE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{70826895-02E7-46F7-9FD4-078EFF3D6821}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{72AC4BC3-6E09-403B-949C-99ACE6B8FFDB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{75ABD1BE-F2AD-4496-AA51-34CAB5DBF0FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7615095D-4C1C-467D-B36B-C128C844818E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{772BD18F-DD0A-4792-99E6-C89AEB024D1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{77E6B468-7A4E-40B4-ACE0-B68F750C5AC6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7BD2A87E-0624-4751-AE4F-0FAAE8652120}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7F7DED71-BEB6-4865-A04C-6660611FB2E1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7F86C60F-7EC2-4D75-AF3E-AF6ADBD286A1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80530C26-B67F-45F5-A422-160479E44810}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80547239-7ED7-439F-B76A-C9990F2A4908}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{80707C41-EC00-4722-8BE7-4CFEB162A573}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{82C9F39D-9FEE-422A-B82D-A9BE7561C982}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{82D3E458-49AB-4476-B0BA-EB4FEDF63A9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{845E980B-DAB3-48F8-A43B-5A17AF24DBD5}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{8792083A-4C97-40B9-B366-11BB62324E96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{895B7EFC-2178-449A-A0D1-D72F8AC6D1F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{89670B4A-D376-4347-B9BC-D2DA1993157E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{89C67F04-7B0C-44E4-9FCC-604CEFC41DF6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8A779035-6A16-4344-A1B9-E33A4F7AEB25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{8B62C510-4082-4DFA-9F6D-783B39AAE581}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B6B229F-1659-4275-96F8-D93F0BE79AEA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8C07A974-A80C-4CE0-95F9-9C7589F1D4CD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8CF15C7B-9933-4214-A107-72E7D1E01EBE}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8E4240B0-945F-475A-A0E7-295D497E285E}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{8EE0B0DE-EF22-4A6D-9AEA-19A850C91189}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{8FBA0F10-CD1C-4E0F-A347-B361324EF2CD}" = protocol=58 | dir=out | [email protected],-28546 |
"{9259B56C-9CF6-4DFA-BF85-8EFA459EFDC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{94B71907-3294-49C0-B736-00622413D2FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94CC8824-70A4-4DB6-BEC2-E8771EE22992}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94E6E404-B351-4578-A768-254BB71D9950}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96AA30A2-6F8A-4902-A3CB-C2280B430996}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9815D98C-047B-48B6-B257-B09B0B2839F0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{987AA584-247A-445A-9EBE-C4A721FC40A5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9A5E3425-410C-4B98-90E5-46D341394506}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9AAD1FAA-812A-4ADD-93CB-E0898353DBF4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B72311D-628B-4585-9D1A-5BCE4E2BA7D2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C6971CE-16BA-42B4-9435-61A1AF1C87A5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9EBA38C1-0025-4527-89FB-A8B00063E59E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A03B664F-42A6-42F5-B4BA-6F0EB2A5FA11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A2061B48-E565-435B-A089-8E238AEEFF68}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A2606A7D-B4F7-4450-954E-AA2EF72F24B7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A273BD3D-D4DE-4B9F-B767-4080C9C312C6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A61983BF-E71B-4E47-856E-76C0F64EAEC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A69E145A-D59C-405E-B15E-F5804320B616}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A82B17CA-2A9C-4B39-B369-9486966E151F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A8D442AC-D53F-4949-A56F-E3DC35803219}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9587EED-A131-4699-8FB7-8C9502561356}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A9B506DE-DDC0-465C-A7FC-93AD134AE8D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB752398-1195-4028-A07A-613BC818EED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ABB5B7D3-10FE-4398-B92F-20E0460C4B15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD5F40A7-E306-4C2C-A8F4-42995F7CA5B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD9E6BCD-A285-4D50-9A71-88F49FF96B16}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AEB2D559-9BE2-4C0F-BAAC-079DECD9C7D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AF12D13B-ABB6-47EF-BC24-3B4EC95F1BED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AF9FE960-01A4-441C-96E7-12D3D09CE96F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B08A073C-ECCA-44BB-8780-3C449EFCC692}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B109DC12-79C2-49C1-8241-0193682B3065}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{B2D60523-DDEB-4C14-847E-72CDBD849797}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8B5FBC7-66F2-49B7-88BF-08341CF27CA5}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{BA2335EA-F212-4583-A4CF-B75104E03286}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BABF6378-E97F-43D7-908E-7152B89625F1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BD0DEE84-AAFB-466F-A308-2D416E25B89F}" = protocol=6 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{BE78E839-7C13-4CCA-8528-8867A3D7F5D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{BE94A271-816A-44B5-82F0-974109DE0104}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C44250DE-158C-4094-AF56-9F4DE8216158}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4F10516-B131-4EA3-85A4-81FF0871653F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C5363F2D-A6CE-4ED0-9C2F-8D0D7750EB01}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C56C71D0-FF77-413E-AF14-6C2B230DCF06}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C5978E27-FD4C-4C5A-8851-3D4106BD980C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C59F5C54-DAB4-4A27-B304-5E5EBEA19D03}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6025772-2107-43F1-AED4-DAA1E1EC1ED4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CBB39BCB-280C-4E62-A953-378E4836BBD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CDA18685-8793-4AC8-94F7-F36208D1E44D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE5F0A31-951B-4A4D-A341-8D684395F613}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D029EF08-7328-46BD-A758-5B05ACCDAD11}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D03E3C91-7C9C-489E-AEDE-105194D800C9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D0D4A678-347F-4E3D-A7FC-939EC533FCB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D226A423-9D40-49BB-A940-F7A30E70A86F}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D2A4E740-2C3D-4939-9474-FA7FFC5CAD44}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D49D328A-B239-42D9-8AD5-3FF37DB9A1C4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D6142125-FA70-4D3C-938A-7B1414BDE4DF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D61CC5D1-A009-4C1C-9452-16509747E60D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DCEE0C09-7693-40A9-A8C3-722D1C0A0CDA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DDCC2DBF-3E6F-462E-B0AB-E4F8EBEECDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\turbotax\deluxe 2007\32bit\ttax.exe |
"{E1009F15-47DD-452F-A685-CD507545DF9D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E18A0B13-5DB8-4E22-8726-A5CD0256CFB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E2D265E4-34AF-4687-9999-BB72B40EC0BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E3E92CFC-9DC2-41BB-BB37-29E1295CBB43}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{E41D0D05-68C8-46EA-9323-DCF8B15B51A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4B76327-0AFE-442F-9ACE-4422C2C1B682}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E58ECE92-9F8E-45FD-AE1B-E39D4FAC719E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E5DC7302-8446-4524-AC33-426EECD8A5CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6200F64-FEF4-4832-885F-83854553B019}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E95535EE-04F3-4CF1-9A3D-84386246864B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EA649632-97D5-480A-8155-BCEB3DB41944}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED149403-44B9-472F-90D4-AB0ED541851D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE70027F-A5F0-44C0-A775-CCC2C33A6CEA}" = protocol=1 | dir=out | [email protected],-28544 |
"{EEAFA104-84E9-4CDE-9268-E9B3DB1E561E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EEDA004E-C1B2-4A38-9E43-5DDACFA22C71}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F08679F7-4E9E-4F92-AFAA-BC2881E99D9A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F346C913-342E-41BE-A4B4-B0A1422E9053}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{F487D957-0239-4ABB-9660-6481A726480F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F587ACF5-A497-48EC-A868-5D8AF290C7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FDAF8B23-EE35-44D8-9230-C59730D2E213}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FE2C117B-EF8F-438E-9372-9E53742DC3E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF8FD49E-EF1E-40B2-80A3-612CEF6B44DD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3FF73372-3411-4474-9F2F-FCE7341B0EBE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{A4D34147-BFD4-4949-9B6D-3038597C54A0}C:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{FD93BF80-7D14-47C7-A71A-C8644D4A3DD9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{0C84F841-EC35-4BB9-B3A0-D96F7D1AAA00}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{D963AAA7-955D-44DB-A03E-1EEC9264B593}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E6A0B886-012C-44CD-9E88-CCF88AAD7F26}C:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSet" = Intel® PRO Network Connections Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BB1ED4-F1BE-4691-B2B5-6DF1A672DF43}" = DoubleCAD XT Pro 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5783F2D7-9031-0409-0000-0060B0CE6BBA}" = Autodesk Project Cooper
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C96722E-F9DF-4053-96A1-ABF6D996C8DD}" = OSBuilder
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A54F806B-A2E1-4794-A7FE-365167EC67CB}" = Masque IGT Slots Little Green Men
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}" = Garmin Training Center 3.4.3
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFEE6545-7BAA-4E18-A981-CFBDE865CBA9}" = GoldRush
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4C07CAB-99A1-4177-8EA1-67B0FE6474C8}" = TurboTax 2008 wiliper
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Album Art Downloader XUI" = Album Art Downloader XUI 0.24
"Android SDK Tools" = Android SDK Tools
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Autodesk Project Cooper" = Autodesk Project Cooper
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.5 (Evaluation)
"ESET Online Scanner" = ESET Online Scanner v3
"Florida Topo" = Florida Topo Map
"GSAK_is1" = GSAK 7.6.2.45 (Final)
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Illinois" = Illinois Map
"InstallShield_{F2C3E56B-2C9A-486D-A2FD-6DFE2E204BFD}" = CMS XPandy
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"mti_ky" = Kentucky Topo Map
"mti_mo" = Missouri Topo Map
"mti_tn" = Tennessee Topo Map
"My POIs" = My POIs Maps
"My Trails" = My Trail Maps
"OpenAL" = OpenAL
"Searchqu 102 MediaBar" = Windows Searchqu Toolbar
"SEUSA" = SE USA Topo Map
"Smart Copy" = Smart Copy 3.0.5.8
"Spb Screenshot" = Spb Screenshot
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"WildTangent gateway Master Uninstall" = Gateway Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2010 1:16:16 PM | Computer Name = BradsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2010 1:16:16 PM | Computer Name = BradsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2010 1:16:16 PM | Computer Name = BradsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2010 1:16:16 PM | Computer Name = BradsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2010 1:16:16 PM | Computer Name = BradsPC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/10/2010 6:27:59 PM | Computer Name = BradsPC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 7/10/2010 6:28:11 PM | Computer Name = BradsPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_WcesComm, version 6.0.6001.18000,
time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18005, time
stamp 0x49e0421d, exception code 0xc0000005, fault offset 0x00000000000490f2, process
id 0xfac, application start time 0x01cb1faca2cbbedf.

Error - 7/10/2010 6:29:15 PM | Computer Name = BradsPC | Source = WcesComm | ID = 7
Description = Windows Mobile-based device failed to connect due to Start USB Connection
(0x80004005) failure (see data for failure code).

Error - 7/10/2010 8:32:20 PM | Computer Name = BradsPC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 7/10/2010 9:35:55 PM | Computer Name = BradsPC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

[ Media Center Events ]
Error - 3/7/2009 6:39:30 PM | Computer Name = BradsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/8/2009 9:31:41 PM | Computer Name = BradsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/24/2009 9:36:44 PM | Computer Name = BradsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/24/2009 3:32:23 AM | Computer Name = BradsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2010 8:31:29 PM | Computer Name = BradsPC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 3/7/2010 6:30:37 PM | Computer Name = BradsPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/2/2010 8:25:21 PM | Computer Name = BradsPC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:16:30 PM | Computer Name = BradsPC | Source = HTTP | ID = 15021
Description =

Error - 11/3/2011 4:18:32 PM | Computer Name = BradsPC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/3/2011 4:18:32 PM | Computer Name = BradsPC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


#2
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Brad! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :yes:

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start :)

First of all, sorry for the delay. Let's start trying to get you sorted now :)

Could you do the following for me please....



1)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2)
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.




In your next reply
Please post the contents of...
OTL log
TDSSKiller log


#3
Brad Thomas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
First, thank you for the reply. Here is the OTL log. Back in a few with TDSSKiller log.

OTL logfile created on: 11/7/2011 1:14:20 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jbradthomas\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.19 Gb Available Physical Memory | 69.89% Memory free
12.20 Gb Paging File | 10.09 Gb Available in Paging File | 82.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 343.93 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 8.01 Gb Free Space | 51.56% Space Free | Partition Type: NTFS

Computer Name: BRADSPC | User Name: Jbradthomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
PRC - [2011/10/09 19:33:21 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/05/21 04:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/16 14:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2004/07/21 15:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/07/16 14:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 14:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 14:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 14:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 14:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 14:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 14:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 14:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 14:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 14:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 14:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 14:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 15:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 15:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/03/16 07:37:32 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 04:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/13 17:42:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/14 19:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 08:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 13:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/20 06:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 15:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S5500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/06/10 14:46:04 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/12/17 00:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/04/30 23:17:40 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/16 07:48:25 | 000,324,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/03/16 07:37:38 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/16 07:37:37 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/16 07:37:37 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/03/16 07:37:34 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/03/16 07:37:32 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/01/20 20:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/03/08 16:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2011/10/23 08:07:00 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/23 08:07:00 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/10/23 08:07:00 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...M=FX4710-UB003A


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 CD AA CD A3 98 CC 01 [binary data]
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 10:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/31 11:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/31 11:10:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 10:39:06 | 000,000,000 | ---D | M]

[2008/10/06 02:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Extensions
[2011/11/07 13:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions
[2011/11/07 13:05:06 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/07/07 09:17:58 | 000,000,925 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\conduit.xml
[2008/12/09 06:07:30 | 000,002,354 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-live-search.xml
[2010/08/28 05:58:15 | 000,002,037 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-toolbar.xml
[2011/10/31 11:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 21:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/18 10:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/18 10:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/07/13 15:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 15:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Coupons.com = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb\2.2.0.5_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B8252B0-298D-434D-B8D5-EF912D57701C}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 08:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6D3A174D-3C06-4D09-A01B-55E431144883}
[2011/11/07 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B1468517-7326-48A8-9622-AD8AE1968494}
[2011/11/06 20:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5BC79F16-900A-4C8C-B11B-43F25C7D84AA}
[2011/11/06 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{20925621-04F4-4596-B4E5-FE42A022DC3D}
[2011/11/06 08:17:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4DC23114-5B9D-47B2-A162-B137C1391528}
[2011/11/06 08:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1250F0BA-6D7E-4FDD-98B0-29743A040994}
[2011/11/05 20:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F46BDDC7-A08E-4639-B961-703070F1EC80}
[2011/11/05 20:16:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{74BB1609-85FF-4926-BFAC-4B1AF63AB4E7}
[2011/11/05 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DF71CD39-8C7C-4641-917D-30C6E42DBB4C}
[2011/11/05 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C5495C73-8227-4082-B864-DCC01F8B7E69}
[2011/11/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7C517642-83BB-42E1-AACE-70C6D3F6D382}
[2011/11/04 20:16:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5C59B6A7-08BD-4F5E-92BD-3284768FC74E}
[2011/11/04 09:42:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/11/04 02:18:24 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{70FDB668-D150-4A4E-BD92-1C6AA891E89B}
[2011/11/04 02:18:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{589DF8A6-8BC6-4AB2-9FC1-E953232705DA}
[2011/11/03 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{195EBCCB-7957-4568-A517-4A1C8763A84B}
[2011/11/03 14:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E2C2FE82-E08F-4988-959C-67A80D8CBF39}
[2011/11/01 07:28:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F88CE388-C5C8-4699-94C6-F9A0CFCC158C}
[2011/11/01 07:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7E1B170A-0D23-46EA-B4FD-12F61E873C7B}
[2011/10/31 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{80852CC8-B4CD-4318-A858-0852849939D3}
[2011/10/31 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3F1B5B42-07E6-46C7-BE6C-01B67733DA7E}
[2011/10/31 09:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\jZip
[2011/10/31 09:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers
[2011/10/31 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011/10/31 09:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2011/10/31 07:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{0ED09FD6-A13C-43FC-A417-1556C97AFACE}
[2011/10/31 07:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{320862B3-F130-466E-A58F-C545964B47E9}
[2011/10/30 19:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D98335CB-9528-4F6D-B06F-308A20B23CC5}
[2011/10/30 19:27:50 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1D4C9D33-F408-4F95-AEFC-5DD3AF8DEB1C}
[2011/10/30 07:27:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FCDD1E53-1EDC-4D30-8EFC-ED51425BBB54}
[2011/10/30 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{83B2AE1A-B500-4848-A060-138936DDBA8D}
[2011/10/29 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4746BADF-6CC0-448D-8DCF-42A80BDA3E22}
[2011/10/29 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8F8E56F7-FBCE-4253-98A5-3654EA8E0901}
[2011/10/29 07:27:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{177B81AE-2314-40CC-B979-AEB1D24E029F}
[2011/10/29 07:27:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5D974420-BE6D-492D-9951-8528B56A17A2}
[2011/10/28 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D389508A-0DCD-406F-8302-BB4711BE68F1}
[2011/10/28 19:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{72F9DDCB-D683-4F77-A1F4-8A00850E903F}
[2011/10/28 07:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3051D001-5E83-433E-A1CA-C3D873C4E389}
[2011/10/28 07:27:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BFB1584D-14C4-41CA-B7B9-2AEFA5FE9654}
[2011/10/27 19:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9E1D30E6-C19E-408C-9237-A19477B573AD}
[2011/10/27 19:27:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{759A26B4-5E4E-494B-8BDE-2E421D8DD078}
[2011/10/27 07:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8848BA6E-FA92-4304-849F-8A2ABF954CDC}
[2011/10/27 07:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{CCAAE388-8EDC-45CD-B19E-5F9A98EBFEC9}
[2011/10/26 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C3AF072B-2A59-440B-A903-514C3978AF5A}
[2011/10/26 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DA5A2210-8EE5-4E0B-80D6-953B674ABC43}
[2011/10/26 07:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8ED9F5A6-4899-494F-8C5A-3E9C1B67F376}
[2011/10/26 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ADC0E36A-BC92-47AE-A3EA-77FF1BA22AEB}
[2011/10/25 21:51:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/25 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B6228F80-8380-4B25-A0EB-6B87CC6038CE}
[2011/10/25 19:26:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{715D5497-7787-4939-81A0-2D9CBD758371}
[2011/10/25 08:51:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\Tracing
[2011/10/25 07:26:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9BE6CBBA-6873-41F7-9EA5-0248718DF0A2}
[2011/10/25 07:26:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DC07A535-4B31-4468-BDD2-E4C7C3B6F18C}
[2011/10/25 07:26:02 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1F38FF5D-D06F-43FB-AD44-5794F15FFB1D}
[2011/10/25 07:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D8711088-2994-4294-996D-641C9557CB35}
[2011/10/24 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7D62A990-35EB-4555-8CB7-A14A085690E3}
[2011/10/24 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4D694B52-4212-407D-8595-B384E10ACC57}
[2011/10/24 19:25:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F09C6B6C-4878-438A-A14D-B4B93D37CFD1}
[2011/10/24 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6D19E09E-74C5-4FC5-8671-954ED4C0EFAF}
[2011/10/24 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/24 09:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/24 08:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/24 07:25:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{54697B44-1C82-4FEE-8164-95082EE514EF}
[2011/10/24 07:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5B1061DF-0384-4BF9-8C08-79AC128CAF25}
[2011/10/24 07:25:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9EF531E7-84A4-4F79-A823-312239D69117}
[2011/10/24 07:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ED97F054-99DE-4FA4-AC96-2D738FD027D8}
[2011/10/23 21:47:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/23 20:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Malwarebytes
[2011/10/23 20:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 20:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 20:27:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/23 20:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 20:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/23 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/23 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F8F0E839-1A07-4C45-BCC8-2BC570BD7066}
[2011/10/23 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{22AA5ED2-7A03-4B4D-A098-61B5AE8A23FF}
[2011/10/23 07:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/23 00:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{EF964A13-33BC-4B0B-AA7F-52E3BB26D66C}
[2011/10/23 00:28:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5EED3EC5-4E91-43B5-A8E6-2DAE66BA84DE}
[2011/10/23 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4EB003C8-3C13-4BD0-B023-040913D69D53}
[2011/10/22 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6DA3080F-FDC6-45E9-B197-F20A8AC217DE}
[2011/10/22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4BF3EB55-880D-4651-8ADB-A8D58FDFBBE9}
[2011/10/22 12:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{06D9D121-76FC-4BE1-BA8D-30069C36BDB9}
[2011/10/22 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F4B16603-713D-4476-B831-601F32894C2C}
[2011/10/22 00:28:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{66098A67-1925-4DE3-8682-1084B7926471}
[2011/10/22 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4DB211BB-3540-4FE9-A02E-7E27FEBF642C}
[2011/10/21 12:28:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C6FEEF9A-AEEB-4915-AA1B-D8E1C4D31EEB}
[2011/10/21 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{67A99A51-D200-4AA7-859F-759399918D71}
[2011/10/21 12:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D87B6913-6AB5-4760-A606-958503D2730D}
[2011/10/21 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6FF1EB67-346C-4E83-868E-F2306F800F8C}
[2011/10/21 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5A229087-D3E0-4195-AE3E-CB3E6BB97F42}
[2011/10/21 00:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A2A03C9B-3A29-4FBB-9447-99C2BA93E893}
[2011/10/20 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{701EC79F-3DD4-4AA4-AA4C-D76D9918849A}
[2011/10/20 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{2F797BED-3C2D-4292-A089-9F91F60169B2}
[2011/10/20 12:28:11 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D39C0BB3-FF14-4446-A6E4-52CE9AA36A5A}
[2011/10/20 00:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8C48DA87-FFEB-4CC1-8810-40403623A56B}
[2011/10/20 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{14FD3B5F-BE67-4B28-84D5-98DC49D951C0}
[2011/10/20 00:28:07 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BA41271D-D074-4652-AC34-8B53CFA1602B}
[2011/10/19 12:28:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FAC1C354-CF5D-413C-BC75-971C930EBE8D}
[2011/10/19 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{98087446-9C54-47DD-BD6C-2E56A7243FC5}
[2011/10/19 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E01D1A42-B259-4152-956B-8DCCF2E9DE4B}
[2011/10/19 00:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E3A61CB1-89B0-447C-B94B-79CC68FD3055}
[2011/10/19 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{456F41DD-AC10-431A-83D4-AF8596BD8118}
[2011/10/19 00:27:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6F0BE716-304D-4094-B26D-04583C3D1853}
[2011/10/19 00:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{866CAB1D-BE9A-4D63-A1F3-60A27F3F722E}
[2011/10/18 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8F937E7D-BD7B-43F4-A66F-E8F8A904B749}
[2011/10/18 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{00E1F861-25DC-4B45-83E8-567F3D42F14F}
[2011/10/18 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D2D79255-E2AB-445D-9AF8-956F03E34A59}
[2011/10/18 00:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{535FE6C6-9C41-4C34-A632-C7118CAE1D6A}
[2011/10/18 00:27:30 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BDF4455E-BA83-4B9A-917B-5D371373C32E}
[2011/10/18 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5804CF67-7342-41D8-9488-405E90086559}
[2011/10/17 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4A6A1D72-AA73-401B-8DC5-55A67D26D1DD}
[2011/10/17 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{0F95BF70-4426-4695-A96F-C36C66E079B9}
[2011/10/17 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4F65B4BF-CD24-48B1-935C-0B7ED0E1C222}
[2011/10/17 00:27:16 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{EC8B8277-0692-43D9-8B98-131B871428A5}
[2011/10/17 00:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{CB6706C1-84D4-4D4B-8689-7688995E2C8F}
[2011/10/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{60B029AF-5E51-4151-B7B4-59DB9D0940FD}
[2011/10/16 12:27:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E56F18E1-E765-43B3-8024-1BD4EF6F1271}
[2011/10/16 12:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9BD6C68A-8DC0-438E-90BF-F921891149A0}
[2011/10/16 12:27:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BF048472-A3BB-4D38-808F-C554D283638E}
[2011/10/16 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{81162F9D-5D72-4A9B-A5CC-07C70572985B}
[2011/10/16 00:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{62DB54E8-B02F-4AC0-89C5-88D545675BD2}
[2011/10/16 00:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{26A37FF5-BB0E-4D6C-BEED-8AB173B7CAA3}
[2011/10/15 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1E4F7663-327E-47CD-B035-D95B6E426843}
[2011/10/15 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E39ED672-EADC-41FF-87EC-D03FC150A6B0}
[2011/10/15 12:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FC27933C-30AC-44A3-8EC8-606F8B4FD8AF}
[2011/10/15 00:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A1EFA759-1DF4-4143-AAB0-4E1D3D61977C}
[2011/10/15 00:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8B8E595A-62EF-487E-9B3E-EBF6D3EDEF77}
[2011/10/15 00:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ACEF8E28-6BDE-456A-A48B-3CF805331258}
[2011/10/14 12:26:41 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6FA520DB-2DD0-4938-88E2-36C8339490EA}
[2011/10/14 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{20CB0C14-D98E-44E3-B107-76D3FBB5C131}
[2011/10/14 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{55F30D49-10F2-4196-B89F-75B40F75EDAF}
[2011/10/14 00:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E91CD58D-9404-4633-A330-7F7D83FA3723}
[2011/10/14 00:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4B0E7FB4-0B0D-464F-9239-EFF2190CCFAC}
[2011/10/14 00:26:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F2FD2EC5-47ED-4B20-8CCD-E3643CB50F22}
[2011/10/14 00:26:30 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7815CA81-1A45-48D7-A7E3-931F974C0B9E}
[2011/10/13 16:23:41 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2011/10/13 16:20:36 | 000,000,000 | -H-D | C] -- C:\Users\Jbradthomas\Documents\Downloaded Installations
[2011/10/13 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{80D4C827-D0DB-4FC5-9E3D-3C5D48B99F53}
[2011/10/13 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6DF3083F-2B32-4434-B631-198BF9CE5D8E}
[2011/10/13 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4057A6D6-EC08-4F65-B7A9-28868AE177F1}
[2011/10/13 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B68A7EA0-6F01-4E50-BE96-42857E605524}
[2011/10/13 00:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4D8AC8DB-A809-45DD-8C80-74AFA82F3968}
[2011/10/13 00:25:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B19F1FE6-08BC-46D4-962E-BAE1F7E2028D}
[2011/10/13 00:25:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9237089F-F10A-4C38-8F99-9157D43ACC33}
[2011/10/13 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4590DC15-D8FE-4816-B9CD-7F5A0DADFFD8}
[2011/10/12 12:25:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F2C333A0-D951-45DD-9EB8-555B05B6AF1C}
[2011/10/12 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E1ACC9DE-4F9B-4577-9D39-C952B5A61751}
[2011/10/12 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A6B9F850-2141-49B1-AD80-CDD3375825DD}
[2011/10/12 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5B23E5AE-CC09-4488-955C-4B4F117526D7}
[2011/10/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7B01D0AA-38E5-45CD-9CB3-193C7BBF99D2}
[2011/10/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{479DA582-8C37-4B90-B94E-AC5509DC4F70}
[2011/10/12 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{732A41F1-C847-4F85-B125-A645ECC4AC3A}
[2011/10/12 00:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D31D1069-6879-4F68-A179-0659AE71C1BE}
[2011/10/11 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4C4A5CFD-7CD3-4F43-874E-3DEB29ABD573}
[2011/10/11 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A9A8C5D8-CBF9-4C71-8556-4C9BBBD644C2}
[2011/10/11 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{59389D86-8A5C-4F15-AB9A-1FC0777B0312}
[2011/10/11 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{743584B6-D5D7-46FD-9060-B9EBAD363B2A}
[2011/10/11 00:25:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F5537FB3-2FC3-4774-8471-3F602AFA4C63}
[2011/10/11 00:25:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{27083800-9DA9-4A04-981E-C47F4CA5F01C}
[2011/10/11 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C7F1C53B-E5D3-4C73-B195-C0820BDBB266}
[2011/10/11 00:25:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{23F28EA3-C65C-4EB1-B3CB-69165AD46827}
[2011/10/10 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3EE78E11-9370-4F3B-8070-97D826CA9427}
[2011/10/10 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{15D58D09-1C37-4C93-A525-533D2954656F}
[2011/10/10 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DE1B4200-1ADD-4467-ABB4-84AB7DACE278}
[2011/10/10 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{AEF69827-784A-48D9-BB02-C9DD7A527493}
[2011/10/10 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C15409FC-2394-4525-AF3C-EF5EDE6912FB}
[2011/10/10 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C8218B78-E050-4EF4-99E5-94100946639F}
[2011/10/10 00:25:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C114BB55-51F2-4E0E-8955-5FBC2909C9CC}
[2011/10/10 00:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{19F1B09E-5930-45A9-9AF6-12393E775BAF}
[2011/10/09 12:24:42 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E64D9953-42E7-41AA-9C36-A44C223D73C6}
[2011/10/09 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{63D6ED6B-11A6-41B1-9349-9BF300F5A525}
[2011/10/09 00:24:16 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{0DE939B9-ACA8-4319-9D9A-98A2F478C37C}
[2011/10/09 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{236C53C1-601E-4A6E-8B06-64B55C24F670}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 13:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 13:02:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 12:21:59 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004UA.job
[2011/11/07 11:50:33 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 11:50:33 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 08:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004Core.job
[2011/11/07 07:56:31 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 07:56:31 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/07 07:56:31 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 07:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/07 07:50:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/07 07:50:27 | 2145,574,911 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 07:50:25 | 970,462,469 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/05 07:41:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/05 07:13:54 | 000,005,938 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111105_081324.reg
[2011/11/05 07:00:28 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/10/31 11:10:15 | 000,000,923 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 11:10:15 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 09:24:37 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/27 18:24:47 | 000,002,083 | -H-- | M] () -- C:\Users\Jbradthomas\Desktop\Google Chrome.lnk
[2011/10/26 14:29:11 | 000,025,172 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 12:34:29 | 000,004,032 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/24 07:04:23 | 000,001,102 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 07:04:04 | 000,000,990 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 20:27:47 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 19:47:04 | 000,000,732 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/10/23 19:14:58 | 000,001,356 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2011/10/18 16:11:19 | 000,388,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 07:50:25 | 970,462,469 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/05 07:41:09 | 000,001,687 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/11/05 07:13:29 | 000,005,938 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111105_081324.reg
[2011/10/31 11:10:15 | 000,000,923 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 11:10:15 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 11:10:14 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 09:24:37 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/26 14:29:00 | 000,025,172 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 12:34:12 | 000,004,032 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/25 08:49:26 | 2145,574,911 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 07:04:23 | 000,001,102 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 07:04:04 | 000,000,990 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 20:27:47 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 20:02:26 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 19:47:04 | 000,000,732 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/06/19 15:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2011/02/08 21:46:00 | 000,165,018 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/02/08 21:46:00 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/26 14:30:24 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/13 10:38:52 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/10 18:33:43 | 000,077,381 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/04 07:19:33 | 000,000,228 | ---- | C] () -- C:\Windows\DC_Manager.ini
[2009/12/20 16:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/20 11:17:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/09/09 14:50:18 | 000,002,348 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Roaming\wklnhst.dat
[2009/07/16 11:55:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/16 11:54:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/16 11:54:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/05 12:31:17 | 000,001,356 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2009/04/30 15:32:00 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/30 15:32:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/18 06:15:37 | 000,000,079 | ---- | C] () -- C:\Windows\GSAK.INI
[2008/12/23 08:59:50 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2008/12/08 19:32:10 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/08 19:32:10 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/10/29 18:46:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/12 02:46:16 | 000,164,341 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/10/12 02:46:16 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/10/05 19:43:20 | 000,008,192 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 17:53:38 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/10/05 14:58:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/04/09 15:10:19 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\Windows\SysWow64\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== LOP Check ==========

[2008/10/25 19:46:26 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Ashampoo
[2009/12/24 07:18:28 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Autodesk
[2011/04/19 05:06:34 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Catalina Marketing Corp
[2009/01/18 06:16:09 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\EurekaLog
[2008/12/21 06:41:19 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\GARMIN
[2010/10/21 18:05:01 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\gtk-2.0
[2008/11/21 18:06:43 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\ICAClient
[2010/02/04 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IMSIDesign
[2010/03/13 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IrfanView
[2010/02/16 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\KoshyJohn.com
[2009/04/26 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Leadertech
[2008/12/08 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Masque
[2010/09/27 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\SampleView
[2011/09/19 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Teleca
[2009/09/09 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Template
[2010/11/01 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Windows Live Writer
[2011/11/05 07:41:30 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:BF98CBAF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5F64C164
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B0832161

< End of report >

#4
Brad Thomas

13:29:58.0971 1244 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
13:29:59.0502 1244 ============================================================
13:29:59.0502 1244 Current date / time: 2011/11/07 13:29:59.0502
13:29:59.0502 1244 SystemInfo:
13:29:59.0502 1244
13:29:59.0502 1244 OS Version: 6.0.6002 ServicePack: 2.0
13:29:59.0502 1244 Product type: Workstation
13:29:59.0502 1244 ComputerName: BRADSPC
13:29:59.0502 1244 UserName: Jbradthomas
13:29:59.0502 1244 Windows directory: C:\Windows
13:29:59.0502 1244 System windows directory: C:\Windows
13:29:59.0503 1244 Running under WOW64
13:29:59.0503 1244 Processor architecture: Intel x64
13:29:59.0503 1244 Number of processors: 4
13:29:59.0503 1244 Page size: 0x1000
13:29:59.0503 1244 Boot type: Normal boot
13:29:59.0503 1244 ============================================================
13:29:59.0842 1244 Initialize success
13:31:05.0117 4840 ============================================================
13:31:05.0117 4840 Scan started
13:31:05.0117 4840 Mode: Manual; SigCheck; TDLFS;
13:31:05.0117 4840 ============================================================
13:31:05.0559 4840 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:31:05.0651 4840 ACPI - ok
13:31:05.0740 4840 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:31:05.0764 4840 adp94xx - ok
13:31:05.0821 4840 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:31:05.0842 4840 adpahci - ok
13:31:05.0863 4840 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:31:05.0879 4840 adpu160m - ok
13:31:05.0899 4840 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:31:05.0915 4840 adpu320 - ok
13:31:05.0982 4840 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
13:31:06.0009 4840 AFD - ok
13:31:06.0042 4840 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:31:06.0059 4840 agp440 - ok
13:31:06.0115 4840 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:31:06.0134 4840 aic78xx - ok
13:31:06.0176 4840 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:31:06.0191 4840 aliide - ok
13:31:06.0205 4840 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:31:06.0219 4840 amdide - ok
13:31:06.0259 4840 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
13:31:06.0295 4840 AmdK8 - ok
13:31:06.0363 4840 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:31:06.0378 4840 arc - ok
13:31:06.0408 4840 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:31:06.0424 4840 arcsas - ok
13:31:06.0448 4840 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:31:06.0481 4840 AsyncMac - ok
13:31:06.0506 4840 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
13:31:06.0521 4840 atapi - ok
13:31:06.0571 4840 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:31:06.0608 4840 b57nd60a - ok
13:31:06.0649 4840 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:31:06.0706 4840 BCM43XV - ok
13:31:06.0733 4840 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:31:06.0767 4840 blbdrive - ok
13:31:06.0799 4840 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:31:06.0818 4840 bowser - ok
13:31:06.0841 4840 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:31:06.0868 4840 BrFiltLo - ok
13:31:06.0883 4840 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:31:06.0909 4840 BrFiltUp - ok
13:31:06.0930 4840 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:31:06.0980 4840 Brserid - ok
13:31:07.0000 4840 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:31:07.0052 4840 BrSerWdm - ok
13:31:07.0067 4840 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:31:07.0123 4840 BrUsbMdm - ok
13:31:07.0146 4840 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:31:07.0202 4840 BrUsbSer - ok
13:31:07.0224 4840 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:31:07.0278 4840 BTHMODEM - ok
13:31:07.0335 4840 CAXHWBS2 (551be1536b27dc056ea4d48275efb089) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
13:31:07.0358 4840 CAXHWBS2 - ok
13:31:07.0382 4840 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:31:07.0420 4840 cdfs - ok
13:31:07.0448 4840 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:31:07.0488 4840 cdrom - ok
13:31:07.0498 4840 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
13:31:07.0534 4840 circlass - ok
13:31:07.0562 4840 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:31:07.0587 4840 CLFS - ok
13:31:07.0657 4840 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
13:31:07.0692 4840 CmBatt - ok
13:31:07.0709 4840 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:31:07.0723 4840 cmdide - ok
13:31:07.0747 4840 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
13:31:07.0763 4840 Compbatt - ok
13:31:07.0773 4840 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:31:07.0788 4840 crcdisk - ok
13:31:07.0824 4840 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:31:07.0842 4840 DfsC - ok
13:31:07.0877 4840 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:31:07.0894 4840 disk - ok
13:31:07.0929 4840 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:31:07.0955 4840 drmkaud - ok
13:31:07.0994 4840 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:31:08.0034 4840 DXGKrnl - ok
13:31:08.0068 4840 e1express (6130d06a3d41ac5dc67e9d4513239125) C:\Windows\system32\DRIVERS\e1e6032e.sys
13:31:08.0102 4840 e1express - ok
13:31:08.0126 4840 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:31:08.0163 4840 E1G60 - ok
13:31:08.0203 4840 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:31:08.0224 4840 Ecache - ok
13:31:08.0260 4840 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:31:08.0282 4840 elxstor - ok
13:31:08.0308 4840 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:31:08.0341 4840 ErrDev - ok
13:31:08.0384 4840 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:31:08.0404 4840 exfat - ok
13:31:08.0438 4840 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:31:08.0473 4840 fastfat - ok
13:31:08.0496 4840 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:31:08.0531 4840 fdc - ok
13:31:08.0559 4840 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:31:08.0575 4840 FileInfo - ok
13:31:08.0601 4840 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:31:08.0641 4840 Filetrace - ok
13:31:08.0659 4840 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:31:08.0693 4840 flpydisk - ok
13:31:08.0730 4840 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:31:08.0752 4840 FltMgr - ok
13:31:08.0810 4840 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
13:31:08.0826 4840 fssfltr - ok
13:31:08.0867 4840 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
13:31:08.0893 4840 Fs_Rec - ok
13:31:08.0915 4840 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:31:08.0930 4840 gagp30kx - ok
13:31:08.0962 4840 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:31:08.0975 4840 GEARAspiWDM - ok
13:31:09.0007 4840 grmnusb (38f92e8510b8faec9bbb9e31724236dc) C:\Windows\system32\drivers\grmnusb.sys
13:31:09.0022 4840 grmnusb - ok
13:31:09.0095 4840 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
13:31:09.0147 4840 HdAudAddService - ok
13:31:09.0195 4840 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:31:09.0237 4840 HDAudBus - ok
13:31:09.0271 4840 HidBatt (68214c82fa6222591873677a72df2a66) C:\Windows\system32\DRIVERS\HidBatt.sys
13:31:09.0313 4840 HidBatt - ok
13:31:09.0335 4840 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:31:09.0385 4840 HidBth - ok
13:31:09.0411 4840 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
13:31:09.0441 4840 HidIr - ok
13:31:09.0483 4840 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:31:09.0511 4840 HidUsb - ok
13:31:09.0543 4840 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:31:09.0557 4840 HpCISSs - ok
13:31:09.0630 4840 HSF_DPV (9c369cbc5f19da9968223197b5205f68) C:\Windows\system32\DRIVERS\CAX_DPV.sys
13:31:09.0668 4840 HSF_DPV - ok
13:31:09.0717 4840 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:31:09.0734 4840 HTCAND64 - ok
13:31:09.0765 4840 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
13:31:09.0779 4840 htcnprot - ok
13:31:09.0820 4840 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:31:09.0851 4840 HTTP - ok
13:31:09.0877 4840 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:31:09.0891 4840 i2omp - ok
13:31:09.0933 4840 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:31:09.0961 4840 i8042prt - ok
13:31:09.0984 4840 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:31:10.0003 4840 iaStorV - ok
13:31:10.0027 4840 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:31:10.0042 4840 iirsp - ok
13:31:10.0102 4840 IntcAzAudAddService (2c62599e693372a9221c262b8040e3ac) C:\Windows\system32\drivers\RTKVHD64.sys
13:31:10.0143 4840 IntcAzAudAddService - ok
13:31:10.0185 4840 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:31:10.0199 4840 intelide - ok
13:31:10.0225 4840 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:31:10.0259 4840 intelppm - ok
13:31:10.0304 4840 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:31:10.0332 4840 IpFilterDriver - ok
13:31:10.0346 4840 IpInIp - ok
13:31:10.0366 4840 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:31:10.0403 4840 IPMIDRV - ok
13:31:10.0419 4840 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:31:10.0456 4840 IPNAT - ok
13:31:10.0474 4840 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:31:10.0516 4840 IRENUM - ok
13:31:10.0557 4840 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:31:10.0572 4840 isapnp - ok
13:31:10.0601 4840 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:31:10.0621 4840 iScsiPrt - ok
13:31:10.0641 4840 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:31:10.0656 4840 iteatapi - ok
13:31:10.0671 4840 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:31:10.0685 4840 iteraid - ok
13:31:10.0705 4840 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:31:10.0720 4840 kbdclass - ok
13:31:10.0741 4840 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:31:10.0767 4840 kbdhid - ok
13:31:10.0797 4840 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
13:31:10.0823 4840 KSecDD - ok
13:31:10.0834 4840 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:31:10.0871 4840 ksthunk - ok
13:31:10.0896 4840 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:31:10.0931 4840 lltdio - ok
13:31:10.0962 4840 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:31:10.0977 4840 LSI_FC - ok
13:31:10.0994 4840 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:31:11.0009 4840 LSI_SAS - ok
13:31:11.0025 4840 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:31:11.0041 4840 LSI_SCSI - ok
13:31:11.0069 4840 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:31:11.0107 4840 luafv - ok
13:31:11.0141 4840 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:31:11.0155 4840 LVPr2M64 - ok
13:31:11.0161 4840 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
13:31:11.0175 4840 LVPr2Mon - ok
13:31:11.0206 4840 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
13:31:11.0260 4840 LVRS64 - ok
13:31:11.0322 4840 LVUSBS64 (f1cc5f4341df18da482531e55e0bb074) C:\Windows\system32\drivers\LVUSBS64.sys
13:31:11.0337 4840 LVUSBS64 - ok
13:31:11.0453 4840 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
13:31:11.0631 4840 LVUVC64 - ok
13:31:11.0673 4840 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
13:31:11.0688 4840 MBAMProtector - ok
13:31:11.0725 4840 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:31:11.0750 4840 mdmxsdk - ok
13:31:11.0787 4840 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:31:11.0802 4840 megasas - ok
13:31:11.0842 4840 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:31:11.0864 4840 MegaSR - ok
13:31:11.0894 4840 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:31:11.0928 4840 Modem - ok
13:31:11.0939 4840 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:31:11.0974 4840 monitor - ok
13:31:11.0989 4840 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:31:12.0005 4840 mouclass - ok
13:31:12.0019 4840 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:31:12.0053 4840 mouhid - ok
13:31:12.0070 4840 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:31:12.0085 4840 MountMgr - ok
13:31:12.0122 4840 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:31:12.0142 4840 MpFilter - ok
13:31:12.0169 4840 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:31:12.0185 4840 mpio - ok
13:31:12.0217 4840 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:31:12.0234 4840 MpNWMon - ok
13:31:12.0248 4840 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:31:12.0276 4840 mpsdrv - ok
13:31:12.0302 4840 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:31:12.0317 4840 Mraid35x - ok
13:31:12.0355 4840 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:31:12.0378 4840 MRxDAV - ok
13:31:12.0404 4840 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:31:12.0425 4840 mrxsmb - ok
13:31:12.0452 4840 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:31:12.0474 4840 mrxsmb10 - ok
13:31:12.0482 4840 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:31:12.0502 4840 mrxsmb20 - ok
13:31:12.0530 4840 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:31:12.0546 4840 msahci - ok
13:31:12.0564 4840 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:31:12.0582 4840 msdsm - ok
13:31:12.0609 4840 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:31:12.0645 4840 Msfs - ok
13:31:12.0662 4840 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:31:12.0677 4840 msisadrv - ok
13:31:12.0706 4840 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:31:12.0740 4840 MSKSSRV - ok
13:31:12.0778 4840 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:31:12.0813 4840 MSPCLOCK - ok
13:31:12.0826 4840 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:31:12.0860 4840 MSPQM - ok
13:31:12.0894 4840 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:31:12.0914 4840 MsRPC - ok
13:31:12.0934 4840 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:31:12.0949 4840 mssmbios - ok
13:31:12.0969 4840 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:31:13.0003 4840 MSTEE - ok
13:31:13.0023 4840 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:31:13.0040 4840 Mup - ok
13:31:13.0080 4840 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:31:13.0101 4840 NativeWifiP - ok
13:31:13.0142 4840 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:31:13.0172 4840 NDIS - ok
13:31:13.0179 4840 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:31:13.0206 4840 NdisTapi - ok
13:31:13.0223 4840 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:31:13.0257 4840 Ndisuio - ok
13:31:13.0289 4840 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:31:13.0318 4840 NdisWan - ok
13:31:13.0331 4840 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:31:13.0358 4840 NDProxy - ok
13:31:13.0374 4840 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:31:13.0409 4840 NetBIOS - ok
13:31:13.0438 4840 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:31:13.0498 4840 netbt - ok
13:31:13.0523 4840 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:31:13.0538 4840 nfrd960 - ok
13:31:13.0600 4840 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:31:13.0615 4840 NisDrv - ok
13:31:13.0641 4840 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:31:13.0668 4840 Npfs - ok
13:31:13.0678 4840 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:31:13.0712 4840 nsiproxy - ok
13:31:13.0759 4840 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:31:13.0812 4840 Ntfs - ok
13:31:13.0830 4840 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:31:13.0864 4840 Null - ok
13:31:14.0086 4840 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:31:15.0120 4840 nvlddmkm - ok
13:31:15.0146 4840 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:31:15.0163 4840 nvraid - ok
13:31:15.0176 4840 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:31:15.0191 4840 nvstor - ok
13:31:15.0248 4840 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:31:15.0265 4840 nv_agp - ok
13:31:15.0272 4840 NwlnkFlt - ok
13:31:15.0281 4840 NwlnkFwd - ok
13:31:15.0323 4840 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
13:31:15.0352 4840 ohci1394 - ok
13:31:15.0377 4840 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:31:15.0428 4840 Parport - ok
13:31:15.0457 4840 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:31:15.0475 4840 partmgr - ok
13:31:15.0488 4840 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:31:15.0507 4840 pci - ok
13:31:15.0528 4840 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
13:31:15.0544 4840 pciide - ok
13:31:15.0569 4840 pcmcia (a2d6b9c3f532baa27cb0c158d8ef4da6) C:\Windows\system32\DRIVERS\pcmcia.sys
13:31:15.0588 4840 pcmcia - ok
13:31:15.0623 4840 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:31:15.0687 4840 PEAUTH - ok
13:31:15.0751 4840 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:31:15.0779 4840 PptpMiniport - ok
13:31:15.0798 4840 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:31:15.0833 4840 Processor - ok
13:31:15.0878 4840 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:31:15.0906 4840 PSched - ok
13:31:15.0929 4840 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
13:31:15.0945 4840 PxHlpa64 - ok
13:31:15.0984 4840 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:31:16.0020 4840 ql2300 - ok
13:31:16.0043 4840 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:31:16.0059 4840 ql40xx - ok
13:31:16.0085 4840 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:31:16.0103 4840 QWAVEdrv - ok
13:31:16.0173 4840 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
13:31:16.0278 4840 R300 - ok
13:31:16.0308 4840 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:31:16.0342 4840 RasAcd - ok
13:31:16.0356 4840 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:31:16.0386 4840 Rasl2tp - ok
13:31:16.0410 4840 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:31:16.0437 4840 RasPppoe - ok
13:31:16.0461 4840 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:31:16.0491 4840 RasSstp - ok
13:31:16.0519 4840 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:31:16.0550 4840 rdbss - ok
13:31:16.0564 4840 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:31:16.0597 4840 RDPCDD - ok
13:31:16.0630 4840 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:31:16.0669 4840 rdpdr - ok
13:31:16.0677 4840 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:31:16.0711 4840 RDPENCDD - ok
13:31:16.0736 4840 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
13:31:16.0766 4840 RDPWD - ok
13:31:16.0811 4840 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:31:16.0847 4840 rspndr - ok
13:31:16.0862 4840 RTSTOR (fe1d4924e1680a192f9617c5eca19c93) C:\Windows\system32\drivers\RTSTOR64.SYS
13:31:16.0878 4840 RTSTOR - ok
13:31:16.0931 4840 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
13:31:16.0975 4840 SASDIFSV - ok
13:31:17.0002 4840 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
13:31:17.0015 4840 SASENUM - ok
13:31:17.0036 4840 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
13:31:17.0058 4840 SASKUTIL - ok
13:31:17.0083 4840 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:31:17.0099 4840 sbp2port - ok
13:31:17.0125 4840 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
13:31:17.0160 4840 sdbus - ok
13:31:17.0192 4840 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:31:17.0242 4840 secdrv - ok
13:31:17.0274 4840 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
13:31:17.0289 4840 Sentinel64 - ok
13:31:17.0309 4840 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:31:17.0357 4840 Serenum - ok
13:31:17.0372 4840 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:31:17.0422 4840 Serial - ok
13:31:17.0437 4840 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:31:17.0471 4840 sermouse - ok
13:31:17.0491 4840 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:31:17.0525 4840 sffdisk - ok
13:31:17.0539 4840 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:31:17.0573 4840 sffp_mmc - ok
13:31:17.0584 4840 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:31:17.0619 4840 sffp_sd - ok
13:31:17.0633 4840 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:31:17.0681 4840 sfloppy - ok
13:31:17.0702 4840 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:31:17.0717 4840 SiSRaid2 - ok
13:31:17.0736 4840 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:31:17.0751 4840 SiSRaid4 - ok
13:31:17.0764 4840 SmartDefragDriver - ok
13:31:17.0799 4840 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:31:17.0827 4840 Smb - ok
13:31:17.0862 4840 SNTUSB64 (47f99a3ff5900f70adcf043580e595cb) C:\Windows\system32\DRIVERS\SNTUSB64.SYS
13:31:17.0878 4840 SNTUSB64 - ok
13:31:17.0907 4840 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:31:17.0923 4840 spldr - ok
13:31:17.0951 4840 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:31:17.0976 4840 srv - ok
13:31:18.0003 4840 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:31:18.0023 4840 srv2 - ok
13:31:18.0047 4840 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:31:18.0067 4840 srvnet - ok
13:31:18.0089 4840 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
13:31:18.0116 4840 StillCam - ok
13:31:18.0136 4840 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:31:18.0150 4840 swenum - ok
13:31:18.0176 4840 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:31:18.0191 4840 Symc8xx - ok
13:31:18.0212 4840 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:31:18.0227 4840 Sym_hi - ok
13:31:18.0247 4840 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:31:18.0262 4840 Sym_u3 - ok
13:31:18.0323 4840 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys
13:31:18.0366 4840 Tcpip - ok
13:31:18.0423 4840 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys
13:31:18.0476 4840 Tcpip6 - ok
13:31:18.0499 4840 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys
13:31:18.0516 4840 tcpipreg - ok
13:31:18.0538 4840 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:31:18.0572 4840 TDPIPE - ok
13:31:18.0587 4840 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:31:18.0622 4840 TDTCP - ok
13:31:18.0650 4840 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:31:18.0678 4840 tdx - ok
13:31:18.0705 4840 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:31:18.0722 4840 TermDD - ok
13:31:18.0757 4840 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:31:18.0791 4840 tssecsrv - ok
13:31:18.0821 4840 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:31:18.0838 4840 tunmp - ok
13:31:18.0863 4840 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:31:18.0880 4840 tunnel - ok
13:31:18.0907 4840 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:31:18.0923 4840 uagp35 - ok
13:31:18.0957 4840 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:31:18.0989 4840 udfs - ok
13:31:19.0021 4840 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:31:19.0039 4840 uliagpkx - ok
13:31:19.0060 4840 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:31:19.0079 4840 uliahci - ok
13:31:19.0093 4840 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:31:19.0110 4840 UlSata - ok
13:31:19.0124 4840 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:31:19.0159 4840 ulsata2 - ok
13:31:19.0182 4840 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:31:19.0218 4840 umbus - ok
13:31:19.0253 4840 USBAAPL64 (5cf1ead086176dd3348e920a40bed03d) C:\Windows\system32\Drivers\usbaapl64.sys
13:31:21.0145 4840 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:31:21.0215 4840 \Device\Harddisk0\DR0 - ok
13:31:21.0218 4840 Boot (0x1200) (ff5ecfc544b3324e2044f5ede986f013) \Device\Harddisk0\DR0\Partition0
13:31:21.0219 4840 \Device\Harddisk0\DR0\Partition0 - ok
13:31:21.0222 4840 Boot (0x1200) (02a5620de4624e5f7cfc717d51abb990) \Device\Harddisk0\DR0\Partition1
13:31:21.0223 4840 \Device\Harddisk0\DR0\Partition1 - ok
13:31:21.0224 4840 ============================================================
13:31:21.0224 4840 Scan finished
13:31:21.0224 4840 ============================================================
13:31:21.0234 5220 Detected object count: 0
13:31:21.0234 5220 Actual detected object count: 0
13:31:31.0117 5540 Deinitialize success
  • 0

#5
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. Looking over them, I don't see anything too bad, but I do see how the Bandoo.com and shortcuts got on your PC. They were created at the exact time when jZip was installed. I've had a look at some of the reviews of jZip and it seems as though it can install some of this rubbish as part of the installation; see here.

Let's just remove some items found in the OTL logs, then we'll do a scan with MBAM :)



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/31 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
    [2011/10/31 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers
    [2011/10/31 10:24:39 | 000,000,133 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
    O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2011/10/23 07:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




In your next reply
Please post the contents of...
OTL log
MBAM log

  • 0
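The timestamp correlation used in the reply above (items created at the same moment as an installer) can be reproduced from an OTL file listing. The following is an added example, not part of the original posts and not OTL's own code: the line pattern is inferred from the OTL lines quoted in this thread, the `ExampleInstaller` entry and its timestamp are constructed, and the names `OtlEntry`, `parse_otl_file_lines` and `created_near` are hypothetical.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple


class OtlEntry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str      # "C" = created, "M" = modified
    company: str
    path: str


# Pattern inferred from the file lines in this thread (an assumption, not a spec):
# [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample input: the ExampleInstaller line is constructed; the rest are
# lines that appear in this thread.
SAMPLE_LOG = r"""
PRC - [2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/10/31 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExampleInstaller
[2011/10/31 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
[2011/10/31 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers
[2011/10/31 10:24:39 | 000,000,133 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/10/23 07:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/07/07 09:17:58 | 000,000,925 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\conduit.xml
"""


def parse_otl_file_lines(text: str) -> List[OtlEntry]:
    """Return every bare file/folder line; prefixed lines (PRC, SRV, ...) are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"].strip(),
        ))
    return entries


def created_near(entries: List[OtlEntry], anchor_substring: str,
                 window: timedelta = timedelta(seconds=60)) -> List[OtlEntry]:
    """Created ("C") entries whose timestamp lies within `window` of the anchor item."""
    needle = anchor_substring.lower()
    anchors = [e for e in entries if e.kind == "C" and needle in e.path.lower()]
    if not anchors:
        raise ValueError("no created entry matches %r" % anchor_substring)
    anchor = min(anchors, key=lambda e: e.when)
    hits = [e for e in entries
            if e.kind == "C" and e is not anchor
            and abs(e.when - anchor.when) <= window]
    return sorted(hits, key=lambda e: e.when)


if __name__ == "__main__":
    for e in created_near(parse_otl_file_lines(SAMPLE_LOG), "ExampleInstaller"):
        print(e.when, e.path)
```
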

#6
Brad Thomas


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is the report I got after the computer rebooted. I cannot find the Windows Searchqu Toolbar in C:\Program Files (x86).

All processes killed
Error: Unable to interpret <:OTL[2011/10/31 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar[2011/10/31 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers[2011/10/31 10:24:39 | 000,000,133 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.urlO3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.[2011/10/23 07:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore:Services:Reg:Files:Commands[purity][resethosts][emptytemp][EMPTYFLASH][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_134522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 11/8/2011 3:16:34 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jbradthomas\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 67.90% Memory free
12.11 Gb Paging File | 10.20 Gb Available in Paging File | 84.25% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 346.80 Gb Free Space | 59.73% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 8.01 Gb Free Space | 51.56% Space Free | Partition Type: NTFS

Computer Name: BRADSPC | User Name: Jbradthomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
PRC - [2011/10/09 19:33:21 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/05/21 04:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/16 14:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2004/07/21 15:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/07/16 14:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 14:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 14:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 14:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 14:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 14:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 14:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 14:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 14:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 14:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 14:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 14:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 15:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 15:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/03/16 07:37:32 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 04:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/13 17:42:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/14 19:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 08:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 13:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/20 06:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 15:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S5500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/06/10 14:46:04 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/12/17 00:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/04/30 23:17:40 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/16 07:48:25 | 000,324,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/03/16 07:37:38 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/16 07:37:37 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/16 07:37:37 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/03/16 07:37:34 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/03/16 07:37:32 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/01/20 20:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/03/08 16:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2011/10/23 08:07:00 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/23 08:07:00 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/10/23 08:07:00 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...M=FX4710-UB003A


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 A6 AD DC 28 9E CC 01 [binary data]
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 10:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/31 11:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/31 11:10:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 10:39:06 | 000,000,000 | ---D | M]

[2008/10/06 02:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Extensions
[2011/11/07 13:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions
[2011/11/07 13:05:06 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/07/07 09:17:58 | 000,000,925 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\conduit.xml
[2008/12/09 06:07:30 | 000,002,354 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-live-search.xml
[2010/08/28 05:58:15 | 000,002,037 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-toolbar.xml
[2011/10/31 11:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 21:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/18 10:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/18 10:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/07/13 15:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 15:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Coupons.com = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb\2.2.0.5_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B8252B0-298D-434D-B8D5-EF912D57701C}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 08:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 13:45:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 10:10:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5075D35E-3E40-45B8-8D23-17B2120418E9}
[2011/11/08 10:10:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3224A8C6-7606-4871-BB50-9ECC7FB0CD7A}
[2011/11/07 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{72F83D4F-D737-4D06-A4C3-AB82A93E8651}
[2011/11/07 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{92810C39-2D53-4A71-9DE7-BE2F9E12100F}
[2011/11/07 13:28:46 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jbradthomas\Desktop\TDSSKiller.exe
[2011/11/07 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6D3A174D-3C06-4D09-A01B-55E431144883}
[2011/11/07 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B1468517-7326-48A8-9622-AD8AE1968494}
[2011/11/06 20:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5BC79F16-900A-4C8C-B11B-43F25C7D84AA}
[2011/11/06 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{20925621-04F4-4596-B4E5-FE42A022DC3D}
[2011/11/06 08:17:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4DC23114-5B9D-47B2-A162-B137C1391528}
[2011/11/06 08:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1250F0BA-6D7E-4FDD-98B0-29743A040994}
[2011/11/05 20:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F46BDDC7-A08E-4639-B961-703070F1EC80}
[2011/11/05 20:16:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{74BB1609-85FF-4926-BFAC-4B1AF63AB4E7}
[2011/11/05 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DF71CD39-8C7C-4641-917D-30C6E42DBB4C}
[2011/11/05 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C5495C73-8227-4082-B864-DCC01F8B7E69}
[2011/11/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7C517642-83BB-42E1-AACE-70C6D3F6D382}
[2011/11/04 20:16:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5C59B6A7-08BD-4F5E-92BD-3284768FC74E}
[2011/11/04 09:42:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/11/04 02:18:24 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{70FDB668-D150-4A4E-BD92-1C6AA891E89B}
[2011/11/04 02:18:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{589DF8A6-8BC6-4AB2-9FC1-E953232705DA}
[2011/11/03 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{195EBCCB-7957-4568-A517-4A1C8763A84B}
[2011/11/03 14:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E2C2FE82-E08F-4988-959C-67A80D8CBF39}
[2011/11/01 07:28:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F88CE388-C5C8-4699-94C6-F9A0CFCC158C}
[2011/11/01 07:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7E1B170A-0D23-46EA-B4FD-12F61E873C7B}
[2011/10/31 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{80852CC8-B4CD-4318-A858-0852849939D3}
[2011/10/31 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3F1B5B42-07E6-46C7-BE6C-01B67733DA7E}
[2011/10/31 09:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\jZip
[2011/10/31 09:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers
[2011/10/31 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011/10/31 09:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2011/10/31 07:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{0ED09FD6-A13C-43FC-A417-1556C97AFACE}
[2011/10/31 07:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{320862B3-F130-466E-A58F-C545964B47E9}
[2011/10/30 19:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D98335CB-9528-4F6D-B06F-308A20B23CC5}
[2011/10/30 19:27:50 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1D4C9D33-F408-4F95-AEFC-5DD3AF8DEB1C}
[2011/10/30 07:27:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FCDD1E53-1EDC-4D30-8EFC-ED51425BBB54}
[2011/10/30 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{83B2AE1A-B500-4848-A060-138936DDBA8D}
[2011/10/29 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4746BADF-6CC0-448D-8DCF-42A80BDA3E22}
[2011/10/29 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8F8E56F7-FBCE-4253-98A5-3654EA8E0901}
[2011/10/29 07:27:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{177B81AE-2314-40CC-B979-AEB1D24E029F}
[2011/10/29 07:27:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5D974420-BE6D-492D-9951-8528B56A17A2}
[2011/10/28 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D389508A-0DCD-406F-8302-BB4711BE68F1}
[2011/10/28 19:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{72F9DDCB-D683-4F77-A1F4-8A00850E903F}
[2011/10/28 07:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3051D001-5E83-433E-A1CA-C3D873C4E389}
[2011/10/28 07:27:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BFB1584D-14C4-41CA-B7B9-2AEFA5FE9654}
[2011/10/27 19:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9E1D30E6-C19E-408C-9237-A19477B573AD}
[2011/10/27 19:27:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{759A26B4-5E4E-494B-8BDE-2E421D8DD078}
[2011/10/27 07:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8848BA6E-FA92-4304-849F-8A2ABF954CDC}
[2011/10/27 07:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{CCAAE388-8EDC-45CD-B19E-5F9A98EBFEC9}
[2011/10/26 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C3AF072B-2A59-440B-A903-514C3978AF5A}
[2011/10/26 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DA5A2210-8EE5-4E0B-80D6-953B674ABC43}
[2011/10/26 07:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8ED9F5A6-4899-494F-8C5A-3E9C1B67F376}
[2011/10/26 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ADC0E36A-BC92-47AE-A3EA-77FF1BA22AEB}
[2011/10/25 21:51:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/25 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B6228F80-8380-4B25-A0EB-6B87CC6038CE}
[2011/10/25 19:26:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{715D5497-7787-4939-81A0-2D9CBD758371}
[2011/10/25 08:51:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\Tracing
[2011/10/25 07:26:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9BE6CBBA-6873-41F7-9EA5-0248718DF0A2}
[2011/10/25 07:26:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DC07A535-4B31-4468-BDD2-E4C7C3B6F18C}
[2011/10/25 07:26:02 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1F38FF5D-D06F-43FB-AD44-5794F15FFB1D}
[2011/10/25 07:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D8711088-2994-4294-996D-641C9557CB35}
[2011/10/24 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7D62A990-35EB-4555-8CB7-A14A085690E3}
[2011/10/24 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4D694B52-4212-407D-8595-B384E10ACC57}
[2011/10/24 19:25:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F09C6B6C-4878-438A-A14D-B4B93D37CFD1}
[2011/10/24 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6D19E09E-74C5-4FC5-8671-954ED4C0EFAF}
[2011/10/24 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/24 09:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/24 08:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/24 07:25:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{54697B44-1C82-4FEE-8164-95082EE514EF}
[2011/10/24 07:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5B1061DF-0384-4BF9-8C08-79AC128CAF25}
[2011/10/24 07:25:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9EF531E7-84A4-4F79-A823-312239D69117}
[2011/10/24 07:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ED97F054-99DE-4FA4-AC96-2D738FD027D8}
[2011/10/23 21:47:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/23 20:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Malwarebytes
[2011/10/23 20:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 20:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 20:27:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/23 20:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 20:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/23 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/23 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F8F0E839-1A07-4C45-BCC8-2BC570BD7066}
[2011/10/23 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{22AA5ED2-7A03-4B4D-A098-61B5AE8A23FF}
[2011/10/23 07:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/23 00:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{EF964A13-33BC-4B0B-AA7F-52E3BB26D66C}
[2011/10/23 00:28:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5EED3EC5-4E91-43B5-A8E6-2DAE66BA84DE}
[2011/10/23 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4EB003C8-3C13-4BD0-B023-040913D69D53}
[2011/10/22 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6DA3080F-FDC6-45E9-B197-F20A8AC217DE}
[2011/10/22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4BF3EB55-880D-4651-8ADB-A8D58FDFBBE9}
[2011/10/22 12:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{06D9D121-76FC-4BE1-BA8D-30069C36BDB9}
[2011/10/22 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F4B16603-713D-4476-B831-601F32894C2C}
[2011/10/22 00:28:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{66098A67-1925-4DE3-8682-1084B7926471}
[2011/10/22 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4DB211BB-3540-4FE9-A02E-7E27FEBF642C}
[2011/10/21 12:28:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C6FEEF9A-AEEB-4915-AA1B-D8E1C4D31EEB}
[2011/10/21 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{67A99A51-D200-4AA7-859F-759399918D71}
[2011/10/21 12:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D87B6913-6AB5-4760-A606-958503D2730D}
[2011/10/21 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6FF1EB67-346C-4E83-868E-F2306F800F8C}
[2011/10/21 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5A229087-D3E0-4195-AE3E-CB3E6BB97F42}
[2011/10/21 00:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A2A03C9B-3A29-4FBB-9447-99C2BA93E893}
[2011/10/20 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{701EC79F-3DD4-4AA4-AA4C-D76D9918849A}
[2011/10/20 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{2F797BED-3C2D-4292-A089-9F91F60169B2}
[2011/10/20 12:28:11 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D39C0BB3-FF14-4446-A6E4-52CE9AA36A5A}
[2011/10/20 00:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8C48DA87-FFEB-4CC1-8810-40403623A56B}
[2011/10/20 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{14FD3B5F-BE67-4B28-84D5-98DC49D951C0}
[2011/10/20 00:28:07 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BA41271D-D074-4652-AC34-8B53CFA1602B}
[2011/10/19 12:28:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FAC1C354-CF5D-413C-BC75-971C930EBE8D}
[2011/10/19 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{98087446-9C54-47DD-BD6C-2E56A7243FC5}
[2011/10/19 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E01D1A42-B259-4152-956B-8DCCF2E9DE4B}
[2011/10/19 00:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E3A61CB1-89B0-447C-B94B-79CC68FD3055}
[2011/10/19 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{456F41DD-AC10-431A-83D4-AF8596BD8118}
[2011/10/19 00:27:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6F0BE716-304D-4094-B26D-04583C3D1853}
[2011/10/19 00:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{866CAB1D-BE9A-4D63-A1F3-60A27F3F722E}
[2011/10/18 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8F937E7D-BD7B-43F4-A66F-E8F8A904B749}
[2011/10/18 12:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{00E1F861-25DC-4B45-83E8-567F3D42F14F}
[2011/10/18 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D2D79255-E2AB-445D-9AF8-956F03E34A59}
[2011/10/18 00:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{535FE6C6-9C41-4C34-A632-C7118CAE1D6A}
[2011/10/18 00:27:30 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BDF4455E-BA83-4B9A-917B-5D371373C32E}
[2011/10/18 00:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5804CF67-7342-41D8-9488-405E90086559}
[2011/10/17 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4A6A1D72-AA73-401B-8DC5-55A67D26D1DD}
[2011/10/17 12:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{0F95BF70-4426-4695-A96F-C36C66E079B9}
[2011/10/17 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4F65B4BF-CD24-48B1-935C-0B7ED0E1C222}
[2011/10/17 00:27:16 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{EC8B8277-0692-43D9-8B98-131B871428A5}
[2011/10/17 00:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{CB6706C1-84D4-4D4B-8689-7688995E2C8F}
[2011/10/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{60B029AF-5E51-4151-B7B4-59DB9D0940FD}
[2011/10/16 12:27:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E56F18E1-E765-43B3-8024-1BD4EF6F1271}
[2011/10/16 12:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9BD6C68A-8DC0-438E-90BF-F921891149A0}
[2011/10/16 12:27:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BF048472-A3BB-4D38-808F-C554D283638E}
[2011/10/16 00:26:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{81162F9D-5D72-4A9B-A5CC-07C70572985B}
[2011/10/16 00:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{62DB54E8-B02F-4AC0-89C5-88D545675BD2}
[2011/10/16 00:26:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{26A37FF5-BB0E-4D6C-BEED-8AB173B7CAA3}
[2011/10/15 12:26:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1E4F7663-327E-47CD-B035-D95B6E426843}
[2011/10/15 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E39ED672-EADC-41FF-87EC-D03FC150A6B0}
[2011/10/15 12:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FC27933C-30AC-44A3-8EC8-606F8B4FD8AF}
[2011/10/15 00:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A1EFA759-1DF4-4143-AAB0-4E1D3D61977C}
[2011/10/15 00:26:47 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8B8E595A-62EF-487E-9B3E-EBF6D3EDEF77}
[2011/10/15 00:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ACEF8E28-6BDE-456A-A48B-3CF805331258}
[2011/10/14 12:26:41 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6FA520DB-2DD0-4938-88E2-36C8339490EA}
[2011/10/14 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{20CB0C14-D98E-44E3-B107-76D3FBB5C131}
[2011/10/14 12:26:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{55F30D49-10F2-4196-B89F-75B40F75EDAF}
[2011/10/14 00:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E91CD58D-9404-4633-A330-7F7D83FA3723}
[2011/10/14 00:26:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4B0E7FB4-0B0D-464F-9239-EFF2190CCFAC}
[2011/10/14 00:26:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F2FD2EC5-47ED-4B20-8CCD-E3643CB50F22}
[2011/10/14 00:26:30 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7815CA81-1A45-48D7-A7E3-931F974C0B9E}
[2011/10/13 16:23:41 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2011/10/13 16:20:36 | 000,000,000 | -H-D | C] -- C:\Users\Jbradthomas\Documents\Downloaded Installations
[2011/10/13 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{80D4C827-D0DB-4FC5-9E3D-3C5D48B99F53}
[2011/10/13 12:26:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6DF3083F-2B32-4434-B631-198BF9CE5D8E}
[2011/10/13 12:26:13 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4057A6D6-EC08-4F65-B7A9-28868AE177F1}
[2011/10/13 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B68A7EA0-6F01-4E50-BE96-42857E605524}
[2011/10/13 00:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4D8AC8DB-A809-45DD-8C80-74AFA82F3968}
[2011/10/13 00:25:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B19F1FE6-08BC-46D4-962E-BAE1F7E2028D}
[2011/10/13 00:25:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9237089F-F10A-4C38-8F99-9157D43ACC33}
[2011/10/13 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4590DC15-D8FE-4816-B9CD-7F5A0DADFFD8}
[2011/10/12 12:25:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F2C333A0-D951-45DD-9EB8-555B05B6AF1C}
[2011/10/12 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E1ACC9DE-4F9B-4577-9D39-C952B5A61751}
[2011/10/12 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A6B9F850-2141-49B1-AD80-CDD3375825DD}
[2011/10/12 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5B23E5AE-CC09-4488-955C-4B4F117526D7}
[2011/10/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7B01D0AA-38E5-45CD-9CB3-193C7BBF99D2}
[2011/10/12 00:25:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{479DA582-8C37-4B90-B94E-AC5509DC4F70}
[2011/10/12 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{732A41F1-C847-4F85-B125-A645ECC4AC3A}
[2011/10/12 00:25:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D31D1069-6879-4F68-A179-0659AE71C1BE}
[2011/10/11 12:25:35 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4C4A5CFD-7CD3-4F43-874E-3DEB29ABD573}
[2011/10/11 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A9A8C5D8-CBF9-4C71-8556-4C9BBBD644C2}
[2011/10/11 12:25:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{59389D86-8A5C-4F15-AB9A-1FC0777B0312}
[2011/10/11 12:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{743584B6-D5D7-46FD-9060-B9EBAD363B2A}
[2011/10/11 00:25:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F5537FB3-2FC3-4774-8471-3F602AFA4C63}
[2011/10/11 00:25:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{27083800-9DA9-4A04-981E-C47F4CA5F01C}
[2011/10/11 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C7F1C53B-E5D3-4C73-B195-C0820BDBB266}
[2011/10/11 00:25:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{23F28EA3-C65C-4EB1-B3CB-69165AD46827}
[2011/10/10 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3EE78E11-9370-4F3B-8070-97D826CA9427}
[2011/10/10 12:25:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{15D58D09-1C37-4C93-A525-533D2954656F}
[2011/10/10 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DE1B4200-1ADD-4467-ABB4-84AB7DACE278}
[2011/10/10 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{AEF69827-784A-48D9-BB02-C9DD7A527493}
[2011/10/10 00:25:12 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C15409FC-2394-4525-AF3C-EF5EDE6912FB}
[2011/10/10 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C8218B78-E050-4EF4-99E5-94100946639F}
[2011/10/10 00:25:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C114BB55-51F2-4E0E-8955-5FBC2909C9CC}
[2011/10/10 00:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{19F1B09E-5930-45A9-9AF6-12393E775BAF}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 15:02:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 14:22:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004UA.job
[2011/11/08 13:52:33 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 13:52:33 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 13:52:33 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 13:46:35 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 13:46:23 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 13:46:23 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 13:46:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 13:46:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/08 13:46:13 | 2145,574,911 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 13:45:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/08 08:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004Core.job
[2011/11/07 16:27:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jbradthomas\Desktop\TDSSKiller.exe
[2011/11/07 07:50:25 | 970,462,469 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/05 07:13:54 | 000,005,938 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111105_081324.reg
[2011/11/05 07:00:28 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/10/31 11:10:15 | 000,000,923 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 11:10:15 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 09:24:37 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/27 18:24:47 | 000,002,083 | -H-- | M] () -- C:\Users\Jbradthomas\Desktop\Google Chrome.lnk
[2011/10/26 14:29:11 | 000,025,172 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 12:34:29 | 000,004,032 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/24 07:04:23 | 000,001,102 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 07:04:04 | 000,000,990 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 20:27:47 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 19:47:04 | 000,000,732 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/10/23 19:14:58 | 000,001,356 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2011/10/18 16:11:19 | 000,388,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 07:50:25 | 970,462,469 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/05 07:41:09 | 000,001,687 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/11/05 07:13:29 | 000,005,938 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111105_081324.reg
[2011/10/31 11:10:15 | 000,000,923 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 11:10:15 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 11:10:14 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 09:24:37 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/26 14:29:00 | 000,025,172 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 12:34:12 | 000,004,032 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/25 08:49:26 | 2145,574,911 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 07:04:23 | 000,001,102 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 07:04:04 | 000,000,990 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 20:27:47 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 20:02:26 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 19:47:04 | 000,000,732 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/06/19 15:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2011/02/08 21:46:00 | 000,165,018 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/02/08 21:46:00 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/26 14:30:24 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/13 10:38:52 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/10 18:33:43 | 000,077,381 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/04 07:19:33 | 000,000,228 | ---- | C] () -- C:\Windows\DC_Manager.ini
[2009/12/20 16:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/20 11:17:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/09/09 14:50:18 | 000,002,348 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Roaming\wklnhst.dat
[2009/07/16 11:55:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/16 11:54:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/16 11:54:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/05 12:31:17 | 000,001,356 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2009/04/30 15:32:00 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/30 15:32:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/18 06:15:37 | 000,000,079 | ---- | C] () -- C:\Windows\GSAK.INI
[2008/12/23 08:59:50 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2008/12/08 19:32:10 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/08 19:32:10 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/10/29 18:46:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/12 02:46:16 | 000,164,341 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/10/12 02:46:16 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/10/05 19:43:20 | 000,008,192 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 17:53:38 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/10/05 14:58:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/04/09 15:10:19 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\Windows\SysWow64\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== LOP Check ==========

[2008/10/25 19:46:26 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Ashampoo
[2009/12/24 07:18:28 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Autodesk
[2011/04/19 05:06:34 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Catalina Marketing Corp
[2009/01/18 06:16:09 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\EurekaLog
[2008/12/21 06:41:19 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\GARMIN
[2010/10/21 18:05:01 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\gtk-2.0
[2008/11/21 18:06:43 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\ICAClient
[2010/02/04 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IMSIDesign
[2010/03/13 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IrfanView
[2010/02/16 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\KoshyJohn.com
[2009/04/26 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Leadertech
[2008/12/08 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Masque
[2010/09/27 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\SampleView
[2011/09/19 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Teleca
[2009/09/09 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Template
[2010/11/01 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Windows Live Writer
[2011/11/08 13:45:32 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:BF98CBAF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5F64C164
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B0832161

< End of report >




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8119

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/8/2011 3:27:46 PM
mbam-log-2011-11-08 (15-27-46).txt

Scan type: Quick scan
Objects scanned: 219011
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Thank You BlackOxide. My Desktop Icons are no longer transparent. I was sure I had stopped the virus, but wasn't sure how to repair the damage. Still not sure how it got past MSE.

Edited by Brad Thomas, 08 November 2011 - 03:34 PM.


#7
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Still not sure how it got past MSE.

Unfortunately, no Anti Virus product is 100% effective. All major AVs will let something by every now and then. I personally like MSE, it's one of the best out there I've found.


The OTL fix didn't go through by the looks of it. Could you try again for me, please? I'll post it again below. Just make sure that when it gets pasted into the OTL box, it looks like the code below, with no joined-up lines etc. Thanks



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/31 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
    [2011/10/31 10:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchCore for Browsers
    [2011/10/31 10:24:39 | 000,000,133 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
    O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2011/10/23 07:32:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


In your next reply
Please post the contents of...
OTL log

#8
Brad Thomas

    New Member

  • Topic Starter
  • Member
  • 9 posts
========== OTL ==========
Folder C:\Program Files (x86)\Windows Searchqu Toolbar\ not found.
C:\Program Files (x86)\SearchCore for Browsers folder moved successfully.
File C:\Users\Public\Desktop\Emoticons for your messenger!.url not found.
Registry value HKEY_USERS\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
C:\Users\Jbradthomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Experience

User: Gamer

User: Jbradthomas
->Flash cache emptied: 4331 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_185635

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...






OTL logfile created on: 11/8/2011 7:05:13 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jbradthomas\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.04 Gb Available Physical Memory | 67.29% Memory free
12.11 Gb Paging File | 10.15 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 346.73 Gb Free Space | 59.72% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 8.01 Gb Free Space | 51.56% Space Free | Partition Type: NTFS

Computer Name: BRADSPC | User Name: Jbradthomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
PRC - [2011/10/09 19:33:21 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/05/21 04:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/16 14:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2004/07/21 15:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/07/16 14:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 14:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 14:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 14:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 14:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 14:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 14:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 14:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 14:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 14:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 14:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 14:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 15:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 15:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/03/16 07:37:32 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 04:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/13 17:42:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/29 11:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/14 19:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 08:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/07/21 15:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 13:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/20 06:05:02 | 000,059,048 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 15:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/16 07:33:36 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S5500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/06/10 14:46:04 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/12/17 00:01:20 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/04/30 23:17:40 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/16 07:48:25 | 000,324,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/03/16 07:37:38 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/16 07:37:37 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/16 07:37:37 | 000,403,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/03/16 07:37:34 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/03/16 07:37:32 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/01/20 20:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/03/08 16:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/06 20:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2011/10/23 08:07:00 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/23 08:07:00 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/10/23 08:07:00 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...M=FX4710-UB003A


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found

IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...M=FX4710-UB003A
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 A6 AD DC 28 9E CC 01 [binary data]
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbradthomas\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 10:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/31 11:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/31 11:10:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/13 10:39:06 | 000,000,000 | ---D | M]

[2008/10/06 02:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Extensions
[2011/11/07 13:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions
[2011/11/07 13:05:06 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/07/07 09:17:58 | 000,000,925 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\conduit.xml
[2008/12/09 06:07:30 | 000,002,354 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-live-search.xml
[2010/08/28 05:58:15 | 000,002,037 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Roaming\Mozilla\Firefox\Profiles\4k9cxl1m.default\searchplugins\kiwee-toolbar.xml
[2011/10/31 11:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/23 21:33:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/18 10:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/18 10:01:27 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/07/13 15:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 15:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Coupons.com = C:\Users\Jbradthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb\2.2.0.5_0\

O1 HOSTS File: ([2011/11/08 18:56:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-738866140-2067582595-1557706530-1005..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B8252B0-298D-434D-B8D5-EF912D57701C}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 08:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 13:45:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/08 10:10:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5075D35E-3E40-45B8-8D23-17B2120418E9}
[2011/11/08 10:10:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3224A8C6-7606-4871-BB50-9ECC7FB0CD7A}
[2011/11/07 22:10:49 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{72F83D4F-D737-4D06-A4C3-AB82A93E8651}
[2011/11/07 22:10:48 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{92810C39-2D53-4A71-9DE7-BE2F9E12100F}
[2011/11/07 13:28:46 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jbradthomas\Desktop\TDSSKiller.exe
[2011/11/07 10:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6D3A174D-3C06-4D09-A01B-55E431144883}
[2011/11/07 10:10:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B1468517-7326-48A8-9622-AD8AE1968494}
[2011/11/06 20:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5BC79F16-900A-4C8C-B11B-43F25C7D84AA}
[2011/11/06 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{20925621-04F4-4596-B4E5-FE42A022DC3D}
[2011/11/06 08:17:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4DC23114-5B9D-47B2-A162-B137C1391528}
[2011/11/06 08:17:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1250F0BA-6D7E-4FDD-98B0-29743A040994}
[2011/11/05 20:17:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F46BDDC7-A08E-4639-B961-703070F1EC80}
[2011/11/05 20:16:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{74BB1609-85FF-4926-BFAC-4B1AF63AB4E7}
[2011/11/05 08:16:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DF71CD39-8C7C-4641-917D-30C6E42DBB4C}
[2011/11/05 08:16:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C5495C73-8227-4082-B864-DCC01F8B7E69}
[2011/11/04 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7C517642-83BB-42E1-AACE-70C6D3F6D382}
[2011/11/04 20:16:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5C59B6A7-08BD-4F5E-92BD-3284768FC74E}
[2011/11/04 09:42:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/11/04 02:18:24 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{70FDB668-D150-4A4E-BD92-1C6AA891E89B}
[2011/11/04 02:18:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{589DF8A6-8BC6-4AB2-9FC1-E953232705DA}
[2011/11/03 14:18:07 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{195EBCCB-7957-4568-A517-4A1C8763A84B}
[2011/11/03 14:18:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E2C2FE82-E08F-4988-959C-67A80D8CBF39}
[2011/11/01 07:28:46 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F88CE388-C5C8-4699-94C6-F9A0CFCC158C}
[2011/11/01 07:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7E1B170A-0D23-46EA-B4FD-12F61E873C7B}
[2011/10/31 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{80852CC8-B4CD-4318-A858-0852849939D3}
[2011/10/31 19:28:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3F1B5B42-07E6-46C7-BE6C-01B67733DA7E}
[2011/10/31 09:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\jZip
[2011/10/31 09:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011/10/31 09:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2011/10/31 07:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{0ED09FD6-A13C-43FC-A417-1556C97AFACE}
[2011/10/31 07:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{320862B3-F130-466E-A58F-C545964B47E9}
[2011/10/30 19:27:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D98335CB-9528-4F6D-B06F-308A20B23CC5}
[2011/10/30 19:27:50 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1D4C9D33-F408-4F95-AEFC-5DD3AF8DEB1C}
[2011/10/30 07:27:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FCDD1E53-1EDC-4D30-8EFC-ED51425BBB54}
[2011/10/30 07:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{83B2AE1A-B500-4848-A060-138936DDBA8D}
[2011/10/29 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4746BADF-6CC0-448D-8DCF-42A80BDA3E22}
[2011/10/29 19:27:31 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8F8E56F7-FBCE-4253-98A5-3654EA8E0901}
[2011/10/29 07:27:28 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{177B81AE-2314-40CC-B979-AEB1D24E029F}
[2011/10/29 07:27:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5D974420-BE6D-492D-9951-8528B56A17A2}
[2011/10/28 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D389508A-0DCD-406F-8302-BB4711BE68F1}
[2011/10/28 19:27:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{72F9DDCB-D683-4F77-A1F4-8A00850E903F}
[2011/10/28 07:27:19 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{3051D001-5E83-433E-A1CA-C3D873C4E389}
[2011/10/28 07:27:18 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BFB1584D-14C4-41CA-B7B9-2AEFA5FE9654}
[2011/10/27 19:27:15 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9E1D30E6-C19E-408C-9237-A19477B573AD}
[2011/10/27 19:27:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{759A26B4-5E4E-494B-8BDE-2E421D8DD078}
[2011/10/27 07:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8848BA6E-FA92-4304-849F-8A2ABF954CDC}
[2011/10/27 07:27:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{CCAAE388-8EDC-45CD-B19E-5F9A98EBFEC9}
[2011/10/26 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C3AF072B-2A59-440B-A903-514C3978AF5A}
[2011/10/26 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DA5A2210-8EE5-4E0B-80D6-953B674ABC43}
[2011/10/26 07:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8ED9F5A6-4899-494F-8C5A-3E9C1B67F376}
[2011/10/26 07:26:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ADC0E36A-BC92-47AE-A3EA-77FF1BA22AEB}
[2011/10/25 21:51:11 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/25 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{B6228F80-8380-4B25-A0EB-6B87CC6038CE}
[2011/10/25 19:26:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{715D5497-7787-4939-81A0-2D9CBD758371}
[2011/10/25 08:51:20 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\Tracing
[2011/10/25 07:26:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9BE6CBBA-6873-41F7-9EA5-0248718DF0A2}
[2011/10/25 07:26:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{DC07A535-4B31-4468-BDD2-E4C7C3B6F18C}
[2011/10/25 07:26:02 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{1F38FF5D-D06F-43FB-AD44-5794F15FFB1D}
[2011/10/25 07:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D8711088-2994-4294-996D-641C9557CB35}
[2011/10/24 19:25:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{7D62A990-35EB-4555-8CB7-A14A085690E3}
[2011/10/24 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4D694B52-4212-407D-8595-B384E10ACC57}
[2011/10/24 19:25:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F09C6B6C-4878-438A-A14D-B4B93D37CFD1}
[2011/10/24 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6D19E09E-74C5-4FC5-8671-954ED4C0EFAF}
[2011/10/24 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/10/24 09:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/24 08:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/24 07:25:06 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{54697B44-1C82-4FEE-8164-95082EE514EF}
[2011/10/24 07:25:05 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5B1061DF-0384-4BF9-8C08-79AC128CAF25}
[2011/10/24 07:25:04 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{9EF531E7-84A4-4F79-A823-312239D69117}
[2011/10/24 07:25:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{ED97F054-99DE-4FA4-AC96-2D738FD027D8}
[2011/10/23 21:47:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/23 20:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Roaming\Malwarebytes
[2011/10/23 20:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 20:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 20:27:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/23 20:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 20:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/23 20:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/23 19:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F8F0E839-1A07-4C45-BCC8-2BC570BD7066}
[2011/10/23 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{22AA5ED2-7A03-4B4D-A098-61B5AE8A23FF}
[2011/10/23 00:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{EF964A13-33BC-4B0B-AA7F-52E3BB26D66C}
[2011/10/23 00:28:59 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5EED3EC5-4E91-43B5-A8E6-2DAE66BA84DE}
[2011/10/23 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4EB003C8-3C13-4BD0-B023-040913D69D53}
[2011/10/22 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6DA3080F-FDC6-45E9-B197-F20A8AC217DE}
[2011/10/22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4BF3EB55-880D-4651-8ADB-A8D58FDFBBE9}
[2011/10/22 12:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{06D9D121-76FC-4BE1-BA8D-30069C36BDB9}
[2011/10/22 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{F4B16603-713D-4476-B831-601F32894C2C}
[2011/10/22 00:28:38 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{66098A67-1925-4DE3-8682-1084B7926471}
[2011/10/22 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{4DB211BB-3540-4FE9-A02E-7E27FEBF642C}
[2011/10/21 12:28:33 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{C6FEEF9A-AEEB-4915-AA1B-D8E1C4D31EEB}
[2011/10/21 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{67A99A51-D200-4AA7-859F-759399918D71}
[2011/10/21 12:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D87B6913-6AB5-4760-A606-958503D2730D}
[2011/10/21 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6FF1EB67-346C-4E83-868E-F2306F800F8C}
[2011/10/21 00:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{5A229087-D3E0-4195-AE3E-CB3E6BB97F42}
[2011/10/21 00:28:21 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{A2A03C9B-3A29-4FBB-9447-99C2BA93E893}
[2011/10/20 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{701EC79F-3DD4-4AA4-AA4C-D76D9918849A}
[2011/10/20 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{2F797BED-3C2D-4292-A089-9F91F60169B2}
[2011/10/20 12:28:11 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{D39C0BB3-FF14-4446-A6E4-52CE9AA36A5A}
[2011/10/20 00:28:09 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{8C48DA87-FFEB-4CC1-8810-40403623A56B}
[2011/10/20 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{14FD3B5F-BE67-4B28-84D5-98DC49D951C0}
[2011/10/20 00:28:07 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{BA41271D-D074-4652-AC34-8B53CFA1602B}
[2011/10/19 12:28:03 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{FAC1C354-CF5D-413C-BC75-971C930EBE8D}
[2011/10/19 12:28:02 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{98087446-9C54-47DD-BD6C-2E56A7243FC5}
[2011/10/19 12:28:01 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E01D1A42-B259-4152-956B-8DCCF2E9DE4B}
[2011/10/19 00:27:56 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{E3A61CB1-89B0-447C-B94B-79CC68FD3055}
[2011/10/19 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{456F41DD-AC10-431A-83D4-AF8596BD8118}
[2011/10/19 00:27:54 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{6F0BE716-304D-4094-B26D-04583C3D1853}
[2011/10/19 00:27:53 | 000,000,000 | ---D | C] -- C:\Users\Jbradthomas\AppData\Local\{866CAB1D-BE9A-4D63-A1F3-60A27F3F722E}
[2011/10/13 16:23:41 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2011/10/13 16:20:36 | 000,000,000 | -H-D | C] -- C:\Users\Jbradthomas\Documents\Downloaded Installations
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/08 19:04:10 | 000,706,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 19:04:10 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 19:04:10 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 19:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 18:59:41 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/08 18:58:15 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 18:58:15 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/08 18:58:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/08 18:58:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/11/08 18:58:04 | 2145,574,911 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 18:57:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/08 18:21:59 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004UA.job
[2011/11/08 08:22:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-738866140-2067582595-1557706530-1004Core.job
[2011/11/07 16:27:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jbradthomas\Desktop\TDSSKiller.exe
[2011/11/07 07:50:25 | 970,462,469 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/05 07:13:54 | 000,005,938 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111105_081324.reg
[2011/11/05 07:00:28 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/04 09:41:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jbradthomas\Desktop\OTL.exe
[2011/10/31 11:10:15 | 000,000,923 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 11:10:15 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 09:24:37 | 000,000,801 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/27 18:24:47 | 000,002,083 | -H-- | M] () -- C:\Users\Jbradthomas\Desktop\Google Chrome.lnk
[2011/10/26 14:29:11 | 000,025,172 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 12:34:29 | 000,004,032 | ---- | M] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/24 07:04:23 | 000,001,102 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 07:04:04 | 000,000,990 | ---- | M] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 20:27:47 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 19:47:04 | 000,000,732 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/10/23 19:14:58 | 000,001,356 | ---- | M] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2011/10/18 16:11:19 | 000,388,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 07:50:25 | 970,462,469 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/05 07:41:09 | 000,001,687 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/11/05 07:13:29 | 000,005,938 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111105_081324.reg
[2011/10/31 11:10:15 | 000,000,923 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/31 11:10:15 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/31 11:10:14 | 000,000,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 09:24:37 | 000,000,801 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/10/26 14:29:00 | 000,025,172 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_152858.reg
[2011/10/26 12:34:12 | 000,004,032 | ---- | C] () -- C:\Users\Jbradthomas\Documents\cc_20111026_133401.reg
[2011/10/25 08:49:26 | 2145,574,911 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/24 07:04:23 | 000,001,102 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail.lnk
[2011/10/24 07:04:04 | 000,000,990 | ---- | C] () -- C:\Users\Jbradthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/23 20:27:47 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 20:02:26 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/23 19:47:04 | 000,000,732 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps64.dat
[2011/06/19 15:32:45 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2011/02/08 21:46:00 | 000,165,018 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011/02/08 21:46:00 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011/01/26 14:30:24 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/13 10:38:52 | 000,023,145 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/06/10 18:33:43 | 000,077,381 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/02/04 07:19:33 | 000,000,228 | ---- | C] () -- C:\Windows\DC_Manager.ini
[2009/12/20 16:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/20 11:17:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/09/09 14:50:18 | 000,002,348 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Roaming\wklnhst.dat
[2009/07/16 11:55:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/07/16 11:54:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/07/16 11:54:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/05 12:31:17 | 000,001,356 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\d3d9caps.dat
[2009/04/30 15:32:00 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/30 15:32:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/18 06:15:37 | 000,000,079 | ---- | C] () -- C:\Windows\GSAK.INI
[2008/12/23 08:59:50 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\gmsblist.dll
[2008/12/08 19:32:10 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/12/08 19:32:10 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/10/29 18:46:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/10/12 02:46:16 | 000,164,341 | ---- | C] () -- C:\Windows\hpoins21.dat
[2008/10/12 02:46:16 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2008/10/05 19:43:20 | 000,008,192 | ---- | C] () -- C:\Users\Jbradthomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 17:53:38 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2008/10/05 14:58:07 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/04/09 15:10:19 | 000,360,448 | ---- | C] () -- C:\Windows\SysWow64\HotlineClient.exe
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\Windows\SysWow64\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\sysres.dll

========== LOP Check ==========

[2008/10/25 19:46:26 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Ashampoo
[2009/12/24 07:18:28 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Autodesk
[2011/04/19 05:06:34 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Catalina Marketing Corp
[2009/01/18 06:16:09 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\EurekaLog
[2008/12/21 06:41:19 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\GARMIN
[2010/10/21 18:05:01 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\gtk-2.0
[2008/11/21 18:06:43 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\ICAClient
[2010/02/04 14:04:32 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IMSIDesign
[2010/03/13 10:22:53 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\IrfanView
[2010/02/16 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\KoshyJohn.com
[2009/04/26 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Leadertech
[2008/12/08 12:55:46 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Masque
[2010/09/27 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\SampleView
[2011/09/19 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Teleca
[2009/09/09 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Template
[2010/11/01 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\Jbradthomas\AppData\Roaming\Windows Live Writer
[2011/11/08 18:57:17 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:BF98CBAF
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5F64C164
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:B0832161

< End of report >

#9
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
:)

Your logs are looking good now. How is the PC behaving, do you have any outstanding problems?

#10
Brad Thomas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
PC seems to be doing well. Thank You.
I have noticed a few things in the OTL log that I would like some feedback on:

O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

Would it be safe to remove these? I don't use any toolbars.


Again Thank You for the help,
Brad

#11
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Good to hear the PC is behaving properly.


I have noticed a few things in the OTL log that I would like some feedback on


Sure, no problem. As you say you don't use the toolbars, they can go, not a problem. I would leave the gopher and Protocol entries, as these are harmless and are found on some Vista/7 machines by default.

Here's the OTL script to remove the toolbars...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
    O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
    O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.




Let me know if the OTL fix does not go through properly. Otherwise, I think you're ready for the cleanup steps. Just let me know if you have any other queries.



Good stuff, your logs now appear clean :)

Please go through the Cleanup section below and have a read of the other information which will help keep your PC protected

Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following, they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove TDSSKiller from the Desktop (if present)


2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then Click Run Fix

3)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top, it will ask to reboot your PC, please allow it to do so


========== Anti Malware Protection ==========

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible. Remember to check for updates before running a scan, so click the Update tab along the top, then click Check for Updates.

Free Anti Virus Protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one Anti Virus installed at any one given time.

Paid Anti Virus Protection...
If you want a bit more than just an Anti Virus and would like extra features such as Firewall and Anti Spam, you will have to look at purchasing an Anti Virus product. A lot of people do use free AV software as these products use the same virus databases as the paid ones, but some people prefer to have the extra features and the help and support that the paid products tend to offer. If you are looking into purchasing one, my recommendations would be Kaspersky Internet Security or ESET Smart Security. There are however many different ones out there and it is wise to just download trial versions to see which ones suit you best, before actually buying.



========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC so updates are downloaded and installed automatically. Click on your version of Windows below to find out how...
Windows XP
Windows Vista
Windows 7

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed



========== Alternate Browsers ==========

Firefox - My personal choice, easy to use and has a large number of excellent addons that can be installed to help keep you away from malicious sites and reduce advertisements and popups etc. AdBlockPlus and WOT are very useful addons that are well worth having installed.

Google Chrome - Very nippy browser that's easy to use and is well worth a go if you are trying out different browsers.


Have fun and stay safe online :yes:
BlackOxide
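
The triage described in the post above (drop the orphaned O2/O3 browser entries, keep the O13/O18 ones) can be sketched as a small log parser. This is an added example, not part of the original posts and not OTL's own code; the function names are hypothetical, and the sample lines are copied from the log excerpt quoted in this thread.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the OTL excerpt quoted in this thread.
SAMPLE_LOG = r"""
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-738866140-2067582595-1557706530-1004\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No CLSID value found.
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
"""

# "O<section>[:64bit:] - <rest>", the line shape seen in the excerpt.
ENTRY_RE = re.compile(r"^O(\d+)(:64bit:)?\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKER = "No CLSID value found"
# Assumption taken from the helper's advice: only BHO (O2) and toolbar (O3)
# orphans are removed; O13/O18 entries are left alone.
REMOVABLE_SECTIONS = {2, 3}


def parse_line(line):
    """Parse one O-section line into a dict, or return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, bitness, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    return {
        "section": int(section),
        "is_64bit": bitness is not None,
        # Text before the first ": " or " - " names the key or handler.
        "location": re.split(r":\s| - ", rest, maxsplit=1)[0],
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": ORPHAN_MARKER in rest,
        "raw": line.strip(),
    }


def triage(log_text):
    """Split parsed entries into (remove, keep) following the advice in the post."""
    remove, keep = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["orphaned"] and entry["section"] in REMOVABLE_SECTIONS:
            remove.append(entry)
        else:
            keep.append(entry)
    return remove, keep


def clsid_locations(entries):
    """Map each CLSID to every location that still references it."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["location"])
    return dict(seen)


def build_fix(remove):
    """Lay the removable lines out under ':OTL', as the script in the post does."""
    return "\n".join([":OTL"] + [e["raw"] for e in remove])


if __name__ == "__main__":
    to_remove, to_keep = triage(SAMPLE_LOG)
    for clsid, where in clsid_locations(to_remove).items():
        print(f"{clsid} referenced from {len(where)} location(s)")
    print(f"kept untouched: {[e['location'] for e in to_keep]}")
    print(build_fix(to_remove))
```

Grouping by CLSID shows when one dangling identifier is referenced from several user hives, so every reference is reviewed together rather than one line at a time.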

#12
Brad Thomas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The OTL :Commands [emptytemp] caused OTL to lock up. Had to close with Task Manager. I did run the rest of the Fix. Also after reboot desktop icons and some folders became hidden again :) . Other than that PC seems back to normal.

Thank You,
Brad

#13
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey dokey, don't worry about the emptytemp hanging, we do see this from time to time. Closing with Task Manager and rebooting is fine.

With the hidden icons and folders, can you try the following program for me please, to see if this brings them back. It will create a log at the end, if you could get back to me with this and also let me know if the icons are visible afterwards please.


Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and press Enter on the keyboard
  • Please wait until this process has finished
  • Once it has finished, please reboot your PC
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

#14
Brad Thomas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
That seems to have fixed everything :) . Thank You Very Much BlackOxide :) :yes: :) I will proceed with the clean up at this point.

Again Thank You,
Brad

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jbradthomas [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/09/2011 19:20:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 2 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 617 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 102067 / Fail 0
My documents: Success 897 / Fail 0
My favorites: Success 204 / Fail 0
My pictures: Success 1296 / Fail 0
My music: Success 540 / Fail 0
My videos: Success 1 / Fail 0
Local drives: Success 46636 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[1].txt >>

#15
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem Brad, you're welcome. Good to hear everything seems back to normal now :)