I keep getting redirected to different sites in Internet Explorer


  • This topic is locked

#1
Matt A
    Member, 11 posts

Hi,

I'm a new user and hope I can get some help here.

I had attempted to get help from Webroot, but to no avail. I will copy the information I provided to them which explains how the issue came about and what I experienced.

At the present moment, I have Webroot SecureAnywhere, Malwarebytes, Windows Defender and Glary Utilities. Webroot does not detect any malware; Malwarebytes reports that it stops potentially harmful websites from my PC, even though I do not have an internet session running; Windows Defender does not detect anything; Glary finds errors occasionally in the File Registry, but reports that repairs were carried out successfully.

I was detecting Mal/TDSSConf-A and Troj/TdlMbr-C, but I have somehow managed to remove these (I hope) but the issue that remains is when I browse the internet, I am redirected to different websites I did not request.

I received various pieces of advice from Webroot, but their 'fixes' would not execute as they had hoped.

Here is the information provided to Webroot:

- Question: When did the symptoms begin, and do you recall what event might have triggered the symptoms?
- Answer: The symptoms started on 26/10/2011 at about 1:30pm GMT+8. I was searching on Yahoo! and opened various tabs to peruse. I received an Adobe Flash installer plus another installer asking me to install MRT.exe. I installed both thinking they were legitimate.

- Question: Are you receiving pop-ups? What exactly do the pop-ups say? When does the pop-up open, and through your actions, can you make the pop-up go away?
- Answer: I did receive pop-ups indicating that there were corrupt files in the \system32\... folder. I clicked cancel to make these go away, but they reappeared at regular intervals (10 minutes approx.); there were about 20 pop-ups at a time. These appear to have disappeared for now and may be related to a fake System Restore program that was running. This seems to have changed many, many files to ‘hidden’, which resulted in all desktop icons disappearing, plus I was not able to open Task Manager. There was no way of making this System Restore program close until I changed all files to ‘Unhidden’, which seemed to allow me to access Task Manager. I closed the System Restore program through Task Manager.

- Question: Do you see suspicious activity? What exactly are you seeing? What program(s) are you using at the time when this occurs?
- Answer: I have noticed that whilst using any internet browser search engine, I am directed to a different website from the one I requested. This happens occasionally. When the fake System Restore program was running, it purported to do various scans of my system and report RAM and HDD issues. Sometimes, all applications were shut down and the system restarted automatically. I was prompted to buy the full version of this System Restore program – of course, I did not do that.

- Question: Has your Windows Desktop background been changed, and if so what text is being displayed?
- Answer: Yes – initially the background picture disappeared on the desktop, along with all the desktop icons. All the notification icons and shortcuts disappeared off the task bar at the bottom and similarly, so did all items from the Start menu.

- Question: Have you noticed a suspicious program? What is the program’s name, and if you launched it what did it do or what does it display?
- Answer: Yes – it is called System Restore. It is a fake and cannot be closed easily. It appears to be legitimate by displaying options to scan the system for errors. It launched automatically and minimised to the tray if you did manage to close it.

- Question: Are your Web searches or clicked links being redirected to sites you are not expecting to be at?
- Answer: Yes.

- Question: Where are the visible symptoms of the infection coming from? The Task Bar, System Tray, Desktop? What do they say?
- Answer: Task Bar – icons and shortcuts disappeared; System Tray – notification icons disappeared; Desktop – all icons disappeared; Start Menu – everything disappeared; Windows Explorer – many files were ‘hidden’.

- Question: Can you trigger the symptoms, and if so how? Or must you wait for it to show itself?
- Answer: The symptoms triggered upon installation of the Adobe Flash and/or MRT.exe applications. I have recovered most items, such as the Task Bar icons, notification area icons, most Start menu options, but many of the folders for applications in the Start menu are empty. I still receive notifications saying that WAVSS has quarantined two items – Mal/TDSSConf-A and Troj/TdlMbr-C.

- Question: Provide the name of any repeated detection that is being identified by the Webroot software on every Scan, or the name being provided to you by other legitimate security software which is also installed on your system, and is identifying but not removing the infection.
- Answer: Mal/TDSSConf-A and Troj/TdlMbr-C.

- Question: If you boot the computer into Windows Safe Mode with Networking (accomplished by pressing the F8 key as the computer boots up but before Windows starts to launch, and selecting the Safe Mode with Networking option), do the symptoms remain?
- Answer:

- Question: Did the "wlogs" log file you collected in Step 3 (#4) successfully upload to Webroot’s secure server?
- Answer: No - the file is close to 8Mb. I tried multiple times, but an error appeared advising that the file could not upload. I will attempt to send these via reply e-mail.

- Question: Did you run “wlogs” while logged into the Windows profile (user account or login) that is experiencing the problem?

NOTE: If you ran wlogs while logged into a Windows profile (user account or login) that is NOT experiencing the symptoms of the malware infection, we will not be able to see files or registry keys/hives that are responsible for the malware symptoms and thus, will not be able to help you remove the infection.

- Answer: Yes

I hope this is a detailed description to analyse. I look forward to some responses.

Many thanks,
Matt

#2
Essexboy
    GeekU Moderator (Retired Staff), 69,964 posts

Yep, so let's get to work.

First there will be two runs with RogueKiller using its different functions

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe


Run Two

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

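The custom-scan block Essexboy pastes above asks OTL to hash explorer.exe, winlogon.exe, Userinit.exe and svchost.exe (the /md5start ... /md5stop directives) and to list C:\Windows\assembly\tmp\U, which is where he is looking for traces of the TDSS/TDL MBR infection Matt reported. OTL writes every process, module, service and driver as one line in a fixed layout: type, modification time, size, attributes, company name in parentheses, optional [start | state] brackets, path, and the service or driver name. The Python script below is an added example, not part of this thread and not OTL's own code: it parses that layout and flags the things a helper reads for first, namely items with no company name, a process whose file is missing on disk, a driver sitting directly in C:\Windows rather than under ...\drivers, and anything running from a user profile or temp folder. The sample lines are constructed in OTL's format (most are copied from the log Matt posts in reply #3; the Desktop path on the last line is made up), and the rules produce leads to check, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's one-line-per-item format. Most lines are copied from
# the log posted later in this thread; the Desktop path on the last line is made up
# so that the user-writable-location rule has something to fire on.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/01 11:53:03 | 000,605,272 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll
SRV:64bit: - [2011/11/01 11:53:03 | 000,605,272 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
DRV:64bit: - [2011/11/01 11:53:06 | 000,107,336 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV - [2011/01/09 10:30:06 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/04/15 23:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/27 23:17:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
PRC - [2011/11/11 21:18:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\someone\Desktop\OTL.exe
"""

# One OTL item line: TYPE[:64bit:] - [mtime | size | attrs | M] (Company) [brackets]* -- path [-- (Name) description]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<mtime>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| (?P<stamp>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?P<brackets>(?: \[[^\]]+\])*)"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
NOT_FOUND_RE = re.compile(r"^(PRC|MOD|SRV|DRV)(?::64bit:)? - File not found")

SYSTEM_ROOT = "c:\\windows\\"
TRUSTED_ROOTS = (SYSTEM_ROOT, "c:\\program files\\", "c:\\program files (x86)\\", "c:\\programdata\\")


@dataclass
class Entry:
    kind: str              # PRC / MOD / SRV / DRV
    is64: bool             # line carried the :64bit: tag
    mtime: str
    size: int
    company: str           # empty string when OTL printed "()"
    state: Optional[str]   # last [...] group, e.g. "Kernel | Boot | Running"
    path: str
    name: Optional[str]    # service/driver name; None for PRC and MOD lines


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL item line; returns None for headers, blanks and other layouts."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    groups = re.findall(r"\[([^\]]+)\]", m["brackets"])
    return Entry(
        kind=m["kind"], is64=m["x64"] is not None, mtime=m["mtime"],
        size=int(m["size"].replace(",", "")), company=m["company"],
        state=groups[-1] if groups else None, path=m["path"], name=m["name"],
    )


def triage_entry(e: Entry) -> List[str]:
    """Heuristic reasons a helper would want to look at this item; empty list means nothing odd."""
    reasons: List[str] = []
    low = e.path.lower()
    if e.company == "":
        reasons.append("no company name in version info")
    # "c:\windows\foo.sys" has exactly two backslashes; anything under ...\drivers has more
    if e.kind == "DRV" and low.startswith(SYSTEM_ROOT) and low.count("\\") == 2:
        reasons.append("driver loaded from the Windows root instead of ...\\drivers")
    if not low.startswith(TRUSTED_ROOTS) or "\\temp\\" in low or "\\appdata\\" in low:
        reasons.append("runs from a user-writable location")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Walk a whole OTL log and return (line, reasons) for every item worth a second look."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if NOT_FOUND_RE.match(line):
            findings.append((line, ["listed item has no backing file on disk"]))
            continue
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, layouts this parser does not model
        reasons = triage_entry(entry)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```

Run it as-is to see the sample triage, or read a saved OTL.Txt and pass its contents to triage_log(). The rules deliberately flag OTL itself on the Desktop and vendor files that ship with no version information (the Portrait Displays binaries in Matt's log, for instance), so every hit still needs the usual follow-up: look the hash up, check the signature, and match the path against what the vendor's installer actually puts there.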

#3
Matt A
    Topic Starter, Member, 11 posts

Hi Essexboy,

Thanks for the fast reply.

I ran the two programs as requested. The logs are attached - however, only one log file was generated from OTL. I searched my PC for the extras.txt file, but could not locate one.

Look forward to your response.

Regards,
Matt

OTL logfile created on: 12/11/2011 10:45:50 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthew Abrahamson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.63% Memory free
7.99 Gb Paging File | 6.38 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 849.22 Gb Free Space | 91.18% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 117.22 Gb Free Space | 78.66% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: Matthew Abrahamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/11 21:18:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew Abrahamson\Desktop\OTL.exe
PRC - [2011/11/01 11:53:03 | 000,605,272 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/18 16:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/26 08:59:16 | 000,173,056 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/08/24 16:17:12 | 000,327,168 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/21 17:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/06/05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/30 11:05:20 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/28 22:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
PRC - [2008/10/17 19:32:02 | 000,681,256 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/27 22:22:31 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\d938c625a49016a9d8f605cd749766c0\System.Data.SqlServerCe.ni.dll
MOD - [2011/10/12 17:44:17 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 17:44:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/12 17:44:16 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/12 17:43:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 17:43:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 17:43:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 17:43:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 17:43:26 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 17:43:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/27 11:41:40 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaAdapter.esx
MOD - [2010/01/27 11:39:52 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESCom.dll
MOD - [2010/01/27 11:33:26 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESSkin.esx
MOD - [2010/01/27 11:01:00 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaPrintOnline.esx
MOD - [2010/01/27 10:54:48 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\Pcd.esx
MOD - [2010/01/27 10:51:52 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaCDBackup.esx
MOD - [2010/01/27 10:50:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESEmail.esx
MOD - [2010/01/27 10:39:28 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VPrintOnline.dll
MOD - [2010/01/27 10:28:22 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\DXRawFormatHandler.esx
MOD - [2010/01/27 10:22:34 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESCliWicMDRW.esx
MOD - [2010/01/27 10:19:40 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaControls.esx
MOD - [2010/01/27 10:18:06 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\KPCDInterface.dll
MOD - [2010/01/27 10:17:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VPrintOnlineHelper40.dll
MOD - [2010/01/27 10:10:22 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\KFx.dll
MOD - [2010/01/27 10:05:14 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\keml40.dll
MOD - [2010/01/27 10:01:38 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\AppCore.dll
MOD - [2010/01/27 09:58:38 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\Atlas.dll
MOD - [2010/01/27 09:57:54 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\kpries40.dll
MOD - [2010/01/27 09:57:32 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SpiffyExt.dll
MOD - [2010/01/27 09:53:46 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\IStorageMediaStore.esx
MOD - [2010/01/27 09:51:52 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\LocCamBack.dll
MOD - [2010/01/27 09:51:04 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\LocAcqMod.dll
MOD - [2010/01/27 09:50:08 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\UpdateChecker.esx
MOD - [2010/01/27 09:43:32 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\DibLibIP.dll
MOD - [2010/01/27 08:21:30 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\LocUpdateCheck.dll
MOD - [2009/09/28 21:21:50 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxCommonV.dll
MOD - [2009/09/28 21:21:18 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxProcV.dll
MOD - [2009/09/28 21:21:02 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxXML2V.dll
MOD - [2009/09/28 21:20:44 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxFFV.dll
MOD - [2009/09/28 21:20:34 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxCmpV.dll
MOD - [2009/09/28 21:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxImV.dll
MOD - [2009/09/28 21:19:32 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxZipV.dll
MOD - [2009/09/28 21:19:28 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxBaseV.dll
MOD - [2009/08/24 16:15:00 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2009/08/24 16:14:38 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/11 05:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/04/30 11:08:26 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/04/30 11:05:08 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007/04/10 15:01:02 | 008,357,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2006/03/07 10:05:24 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\areaifdll.dll
MOD - [2004/09/09 17:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/01 11:53:03 | 000,605,272 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2010/11/20 21:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/20 20:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/01 11:53:06 | 000,107,336 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/27 11:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/08/22 04:24:02 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 09:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/10/14 11:40:16 | 000,371,696 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2008/10/14 11:40:16 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/01/09 10:30:06 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/15 23:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/27 23:17:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2005/01/07 17:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 26 AF 92 7C 8D CB 01 [binary data]
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 26 AF 92 7C 8D CB 01 [binary data]
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/10/28 17:01:51 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" File not found
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000..\Run: [Epson Stylus Photo TX810FW(Network)] "C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRP.EXE" /FU "C:\Windows\TEMP\E_SBBFE.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE (NewSoft Technology Corporation)
O4 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE (NewSoft Technology Corporation)
O4 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004..\RunOnce: [mctadmin] "C:\Windows\System32\mctadmin.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50AD716E-113F-4EA8-8FC9-51D1C0757C30}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/12 10:34:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew Abrahamson\Desktop\OTL.exe
[2011/11/12 10:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/11/12 10:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/12 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\Desktop\RK_Quarantine
[2011/11/10 23:29:49 | 000,000,000 | R--D | C] -- C:\Users\Matthew Abrahamson\Documents\Notes
[2011/11/10 23:26:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2011/11/10 23:26:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/10 23:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2011/11/10 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/11/10 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Malwarebytes
[2011/11/10 22:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 22:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 22:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/10 22:00:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Sammsoft
[2011/11/10 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\Desktop\Backup
[2011/11/09 23:58:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 16:49:42 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthew Abrahamson\Desktop\TDSSKiller.exe
[2011/11/07 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Sun
[2011/11/06 22:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/11/06 17:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/11/06 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/11/06 13:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
[2011/11/06 13:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects
[2011/11/06 12:53:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/11/06 12:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011/11/01 11:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2011/11/01 11:53:06 | 000,140,760 | ---- | C] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2011/11/01 11:53:06 | 000,107,336 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2011/11/01 11:53:06 | 000,091,832 | ---- | C] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2011/11/01 11:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/11/01 11:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2011/10/30 20:54:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies
[2011/10/29 12:31:39 | 000,000,000 | ---D | C] -- C:\Windows\RegBak
[2011/10/28 17:01:10 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2011/10/28 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/10/28 16:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{5D7316EC-0EDC-4C87-A589-9244C286BC92}
[2011/10/28 16:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/10/28 14:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2011/10/28 14:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2011/10/28 12:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/10/28 12:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/10/28 12:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/10/28 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/10/28 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/10/28 11:25:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/10/28 11:24:35 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/10/28 11:24:35 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/10/28 11:24:35 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/10/28 11:24:34 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/10/28 11:24:34 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/10/28 11:24:31 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/10/28 11:24:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/10/28 11:24:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/10/28 11:24:31 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/10/28 11:24:31 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/10/28 11:24:31 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/10/28 11:24:29 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/10/28 11:24:29 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/10/28 11:24:27 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/10/28 11:24:27 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/10/28 11:24:27 | 000,338,848 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/10/28 11:24:26 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/10/28 11:24:25 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/10/28 11:24:25 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/10/28 11:24:25 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/10/28 11:24:25 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/10/28 11:24:25 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/10/28 11:24:25 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/10/28 11:24:25 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/10/28 11:24:25 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/10/28 11:24:25 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/10/28 11:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeviceVM
[2011/10/27 23:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011/10/27 23:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2011/10/27 23:44:40 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2011/10/27 23:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/10/27 23:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axara
[2011/10/27 23:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axara
[2011/10/27 23:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2011/10/27 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/10/27 23:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/10/27 22:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2011/10/27 22:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2011/10/27 21:45:29 | 000,000,000 | ---D | C] -- C:\EPSON EPP 22301
[2011/10/27 21:34:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\Documents\EpsonNet Config V3
[2011/10/27 21:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/10/27 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2011/10/27 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\GlarySoft
[2011/10/27 17:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/10/27 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/10/27 16:01:13 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\IsolatedStorage
[2011/10/27 15:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic
[2011/10/27 11:22:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/26 19:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/10/26 16:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/26 15:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/20 22:08:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/17 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/17 10:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/17 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/17 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/17 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/17 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/15 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\{814137EA-F12D-4DF2-B908-74603BF4E6B6}
[2011/10/15 09:01:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\{180F2329-511F-4013-9965-1CD9FB62285C}
[2011/10/13 16:16:55 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\{7B899048-31E7-47E4-9F88-69EE246E15B8}
[2011/10/13 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\{0029E5B6-C0A1-4A53-818D-97509574CB04}
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/12 10:39:48 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 10:39:48 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 10:32:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/12 10:32:38 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/12 10:32:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/12 10:32:21 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 10:27:04 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/12 10:25:28 | 000,744,960 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\RogueKiller.exe
[2011/11/11 21:18:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew Abrahamson\Desktop\OTL.exe
[2011/11/10 22:16:54 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 22:07:03 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/09 21:11:27 | 000,421,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthew Abrahamson\Desktop\TDSSKiller.exe
[2011/11/06 21:31:07 | 000,688,128 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Database1.accdb
[2011/11/06 20:52:04 | 000,589,824 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\WAACC.accdb
[2011/11/06 13:32:20 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\NetObjects Fusion Essentials.lnk
[2011/11/06 12:53:33 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2011/11/06 12:50:43 | 000,001,291 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/06 00:59:20 | 000,001,103 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Glary Utilities.lnk
[2011/11/05 23:15:35 | 546,430,879 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/05 16:30:38 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011/11/05 12:40:51 | 005,129,328 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_05-11-2011-12.31PM.zip
[2011/11/05 12:40:39 | 000,000,600 | ---- | M] () -- C:\Users\Matthew Abrahamson\AppData\Local\PUTTY.RND
[2011/11/05 12:28:35 | 002,595,600 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs.exe
[2011/11/04 22:28:08 | 000,746,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/04 22:28:08 | 000,644,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/04 22:28:08 | 000,117,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/04 22:27:49 | 000,002,669 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Music Player.lnk
[2011/11/04 22:27:49 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Music Player.lnk
[2011/11/04 22:23:38 | 000,738,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/04 20:26:19 | 001,945,600 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Issues Web Database.accdb
[2011/11/02 19:59:53 | 004,930,394 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_02-11-2011-07.50PM.zip
[2011/11/01 12:23:44 | 000,000,802 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Webroot Secure Anywhere.lnk
[2011/11/01 11:53:06 | 000,140,760 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2011/11/01 11:53:06 | 000,107,336 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2011/11/01 11:53:06 | 000,091,832 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2011/11/01 11:07:37 | 000,000,060 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\RegOpt.ini
[2011/10/31 19:23:55 | 000,377,066 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Circular.pdf
[2011/10/29 12:30:20 | 000,313,708 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\regbak.zip
[2011/10/28 14:18:26 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2011/10/28 14:14:29 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2011/10/28 14:06:21 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Epson Stylus Photo TX810FW Manual.lnk
[2011/10/28 14:05:47 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/10/28 13:41:50 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/10/28 13:41:50 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/10/28 13:34:32 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/28 13:34:07 | 000,002,515 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/28 13:34:07 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/28 12:51:17 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/28 12:34:32 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/28 12:22:36 | 000,001,168 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/28 11:40:32 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2011/10/28 11:31:52 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011/10/27 23:58:47 | 000,002,226 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Level Editor.lnk
[2011/10/27 23:58:47 | 000,002,212 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Mario Forever.lnk
[2011/10/27 23:58:47 | 000,002,176 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Softendo Games World.lnk
[2011/10/27 23:52:49 | 000,002,165 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/10/27 23:52:49 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2011/10/27 23:44:51 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011/10/27 23:27:15 | 000,001,222 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Axara Video Converter.lnk
[2011/10/27 23:19:56 | 000,001,092 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Sweet Home 3D.lnk
[2011/10/27 23:18:08 | 000,001,149 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Ogg Converter.lnk
[2011/10/27 23:17:18 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\AMR Player.lnk
[2011/10/27 23:09:30 | 000,001,874 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/10/27 23:09:30 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/27 22:23:02 | 000,002,507 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 22:21:59 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 22:17:11 | 000,001,111 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\EVGA Precision.lnk
[2011/10/27 21:51:30 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2011/10/27 21:42:11 | 000,000,179 | ---- | M] () -- C:\Users\Public\Desktop\PIXELA Product Registration.url
[2011/10/27 21:42:11 | 000,000,176 | ---- | M] () -- C:\Users\Public\Desktop\Everio Media Browser Homepage.url
[2011/10/27 21:41:55 | 000,001,244 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2011/10/27 21:41:55 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Everio Media Browser HD Edition.lnk
[2011/10/27 21:41:55 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\Everio Media Browser Player.lnk
[2011/10/27 21:16:45 | 000,002,240 | ---- | M] () -- C:\Users\Public\Desktop\Presto! Page Manager.lnk
[2011/10/27 21:16:21 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2011/10/27 13:28:31 | 008,210,991 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_27-10-2011-01.10PM.zip
[2011/10/27 11:47:51 | 000,000,712 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/26 13:11:49 | 000,000,718 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/19 11:22:52 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/10/19 11:22:34 | 000,019,576 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2011/10/16 18:28:48 | 000,077,049 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 3.PDF
[2011/10/16 18:28:14 | 000,077,064 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 2.PDF
[2011/10/16 18:25:53 | 001,297,167 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Specimen.pdf
[2011/10/16 18:25:41 | 000,077,061 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 1.PDF
[2011/10/16 15:18:09 | 000,020,214 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\test.xps
[2011/10/15 09:08:05 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/12 10:25:30 | 000,744,960 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\RogueKiller.exe
[2011/11/10 22:16:54 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 22:07:03 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/07 23:07:51 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
[2011/11/06 20:51:02 | 000,688,128 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Database1.accdb
[2011/11/06 13:32:20 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\NetObjects Fusion Essentials.lnk
[2011/11/06 12:53:33 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2011/11/05 20:05:29 | 000,589,824 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\WAACC.accdb
[2011/11/05 12:39:28 | 005,129,328 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_05-11-2011-12.31PM.zip
[2011/11/05 12:29:55 | 002,595,600 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs.exe
[2011/11/04 22:27:49 | 000,002,669 | ---- | C] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Music Player.lnk
[2011/11/04 22:27:49 | 000,002,657 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Music Player.lnk
[2011/11/04 20:20:57 | 001,945,600 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Issues Web Database.accdb
[2011/11/02 19:58:38 | 004,930,394 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_02-11-2011-07.50PM.zip
[2011/11/01 12:23:44 | 000,000,802 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\Webroot Secure Anywhere.lnk
[2011/10/31 19:23:55 | 000,377,066 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Circular.pdf
[2011/10/29 19:29:03 | 000,000,060 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\RegOpt.ini
[2011/10/29 12:30:17 | 000,313,708 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\regbak.zip
[2011/10/28 14:18:54 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011/10/28 14:18:26 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2011/10/28 14:14:29 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2011/10/28 14:06:21 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Epson Stylus Photo TX810FW Manual.lnk
[2011/10/28 13:55:58 | 546,430,879 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/28 13:40:55 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/10/28 13:40:55 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/10/28 13:34:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/28 13:34:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/10/28 13:34:32 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/28 13:34:07 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/28 13:34:07 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/28 12:51:17 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/28 12:34:32 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/28 11:40:32 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2011/10/27 23:52:49 | 000,002,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/10/27 23:52:49 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2011/10/27 23:44:51 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011/10/27 23:27:15 | 000,001,222 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\Axara Video Converter.lnk
[2011/10/27 23:17:18 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\AMR Player.lnk
[2011/10/27 23:10:51 | 000,486,766 | ---- | C] () -- C:\Windows\CLBUDF.tbl
[2011/10/27 23:09:30 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/10/27 23:09:30 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/27 22:23:02 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 22:21:59 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 21:51:30 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2011/10/27 21:42:11 | 000,000,179 | ---- | C] () -- C:\Users\Public\Desktop\PIXELA Product Registration.url
[2011/10/27 21:42:11 | 000,000,176 | ---- | C] () -- C:\Users\Public\Desktop\Everio Media Browser Homepage.url
[2011/10/27 21:41:55 | 000,001,244 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2011/10/27 21:41:55 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Everio Media Browser HD Edition.lnk
[2011/10/27 21:41:55 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\Everio Media Browser Player.lnk
[2011/10/27 21:28:57 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/10/27 21:16:45 | 000,002,240 | ---- | C] () -- C:\Users\Public\Desktop\Presto! Page Manager.lnk
[2011/10/27 17:16:16 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/27 17:16:12 | 000,001,103 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\Glary Utilities.lnk
[2011/10/27 15:59:06 | 000,746,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/27 13:28:18 | 000,000,600 | ---- | C] () -- C:\Users\Matthew Abrahamson\AppData\Local\PUTTY.RND
[2011/10/27 13:26:37 | 008,210,991 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_27-10-2011-01.10PM.zip
[2011/10/27 11:47:40 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/26 13:11:49 | 000,000,718 | ---- | C] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/16 18:28:48 | 000,077,049 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 3.PDF
[2011/10/16 18:28:13 | 000,077,064 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 2.PDF
[2011/10/16 18:25:51 | 001,297,167 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Specimen.pdf
[2011/10/16 18:25:40 | 000,077,061 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 1.PDF
[2011/10/16 15:18:08 | 000,020,214 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\test.xps
[2010/12/09 11:40:57 | 000,010,752 | ---- | C] () -- C:\Users\Matthew Abrahamson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/03 20:01:34 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/11/27 09:22:40 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/27 09:22:40 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/26 23:51:32 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/11/26 23:21:17 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/26 23:21:17 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/26 23:21:17 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/26 23:21:17 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/26 23:21:17 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/26 23:21:17 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/26 23:21:17 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/26 23:21:17 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/26 23:21:17 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/26 23:21:17 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/11/26 23:21:17 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/26 23:21:17 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/26 23:21:17 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/26 23:21:17 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/26 23:21:17 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/26 23:21:17 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/11/26 23:21:17 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/11/26 23:21:17 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/26 23:21:17 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/11/26 21:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/26 21:30:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/11/26 21:27:39 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/27 15:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/05/19 11:33:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

========== LOP Check ==========

[2010/11/27 01:04:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DisplayTune
[2010/11/27 01:04:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Epson
[2010/12/04 09:23:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Skinux
[2011/11/12 10:33:16 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\.oit
[2010/11/27 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Axara
[2010/11/26 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\DisplayTune
[2011/11/10 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Epson
[2010/12/18 11:17:12 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2011/11/10 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\GetRightToGo
[2011/11/10 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\GlarySoft
[2011/11/10 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\ICAClient
[2010/12/18 09:56:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\iMesh
[2010/12/09 13:32:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Imesh MP3 Downloader
[2011/01/25 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\NewSoft
[2011/10/27 16:00:39 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Nokia
[2010/12/01 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\PC Suite
[2011/11/10 23:31:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Sammsoft
[2010/11/27 09:11:21 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Skinux
[2011/11/12 09:39:59 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\.oit
[2010/11/27 01:03:16 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\DisplayTune
[2011/11/10 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\Epson
[2011/11/10 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\ICAClient
[2010/11/30 20:53:11 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\NewSoft
[2010/12/05 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\PC Suite
[2010/11/28 20:05:35 | 000,000,000 | ---D | M] -- C:\Users\Michelle MacPherson\AppData\Roaming\Skinux
[2011/10/15 09:08:05 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/11/05 16:30:38 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2011/11/12 10:32:39 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/10/27 21:58:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 14:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 14:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 21:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 14:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 14:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 14:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 15:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 14:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this I would like to check the MBR. Also, could you let me know the current state of play with regard to files and folders?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
    O7 - HKU\S-1-5-21-60792880-3868017976-3651886852-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click Save Log, save it to your desktop and post it in your next reply.


#5
Matt A

    Member

  • Topic Starter
  • Member
  • 11 posts
Thanks for that.

All done as requested. Logs are provided herewith.

In relation to the situation with files and folders: I managed to change settings for all files to unhide them. This helped recover most things, but in the Start Menu a number of folders have not been restored to what they used to be, i.e. shortcuts are missing. I do not know if the programs themselves are there or not. I don't even know what isn't there; I just know things are missing!

I hope this provides an idea of what is going on.

Regards,
Matt

OTL logfile created on: 12/11/2011 10:15:14 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Matthew Abrahamson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.92% Memory free
7.99 Gb Paging File | 6.28 Gb Available in Paging File | 78.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 850.08 Gb Free Space | 91.27% Space Free | Partition Type: NTFS
Drive E: | 149.01 Gb Total Space | 119.03 Gb Free Space | 79.88% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: Matthew Abrahamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/11 21:18:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew Abrahamson\Desktop\OTL.exe
PRC - [2011/11/01 11:53:03 | 000,605,272 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/18 16:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/05/26 08:59:16 | 000,173,056 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/08/24 16:17:12 | 000,327,168 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/07/21 17:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/06/05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/04/30 11:05:20 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/28 22:50:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/09 09:32:06 | 000,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
PRC - [2008/10/17 19:32:02 | 000,681,256 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/27 22:22:31 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\d938c625a49016a9d8f605cd749766c0\System.Data.SqlServerCe.ni.dll
MOD - [2011/10/12 17:44:17 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 17:44:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/12 17:44:16 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/12 17:43:53 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 17:43:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 17:43:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 17:43:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 17:43:26 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 17:43:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/05 09:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/27 11:41:40 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaAdapter.esx
MOD - [2010/01/27 11:39:52 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESCom.dll
MOD - [2010/01/27 11:33:26 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESSkin.esx
MOD - [2010/01/27 11:01:00 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaPrintOnline.esx
MOD - [2010/01/27 10:54:48 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\Pcd.esx
MOD - [2010/01/27 10:51:52 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaCDBackup.esx
MOD - [2010/01/27 10:50:28 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESEmail.esx
MOD - [2010/01/27 10:39:28 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VPrintOnline.dll
MOD - [2010/01/27 10:28:22 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\DXRawFormatHandler.esx
MOD - [2010/01/27 10:22:34 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\ESCliWicMDRW.esx
MOD - [2010/01/27 10:19:40 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VistaControls.esx
MOD - [2010/01/27 10:18:06 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\KPCDInterface.dll
MOD - [2010/01/27 10:17:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\VPrintOnlineHelper40.dll
MOD - [2010/01/27 10:10:22 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\KFx.dll
MOD - [2010/01/27 10:05:14 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\keml40.dll
MOD - [2010/01/27 10:01:38 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\AppCore.dll
MOD - [2010/01/27 09:58:38 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\Atlas.dll
MOD - [2010/01/27 09:57:54 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\kpries40.dll
MOD - [2010/01/27 09:57:32 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SpiffyExt.dll
MOD - [2010/01/27 09:53:46 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\IStorageMediaStore.esx
MOD - [2010/01/27 09:51:52 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\LocCamBack.dll
MOD - [2010/01/27 09:51:04 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\LocAcqMod.dll
MOD - [2010/01/27 09:50:08 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\UpdateChecker.esx
MOD - [2010/01/27 09:43:32 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\DibLibIP.dll
MOD - [2010/01/27 08:21:30 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\LocUpdateCheck.dll
MOD - [2009/09/28 21:21:50 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxCommonV.dll
MOD - [2009/09/28 21:21:18 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxProcV.dll
MOD - [2009/09/28 21:21:02 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxXML2V.dll
MOD - [2009/09/28 21:20:44 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxFFV.dll
MOD - [2009/09/28 21:20:34 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxCmpV.dll
MOD - [2009/09/28 21:19:48 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxImV.dll
MOD - [2009/09/28 21:19:32 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxZipV.dll
MOD - [2009/09/28 21:19:28 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\SkinuxBaseV.dll
MOD - [2009/08/24 16:15:00 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2009/08/24 16:14:38 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/11 05:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/04/30 11:08:26 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/04/30 11:05:08 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007/04/10 15:01:02 | 008,357,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2006/03/07 10:05:24 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare Software\bin\areaifdll.dll
MOD - [2004/09/09 17:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/01 11:53:03 | 000,605,272 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2010/11/20 21:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/10/27 02:51:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/20 20:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/01 11:53:06 | 000,107,336 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 18:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/27 04:00:16 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 02:14:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/27 11:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/08/22 04:24:02 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 09:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/10/14 11:40:16 | 000,371,696 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2008/10/14 11:40:16 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/01/09 10:30:06 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/15 23:28:08 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/27 23:17:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2005/01/07 17:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 26 AF 92 7C 8D CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/11/12 22:09:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" File not found
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [Epson Stylus Photo TX810FW(Network)] "C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRP.EXE" /FU "C:\Windows\TEMP\E_SBBFE.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE (NewSoft Technology Corporation)
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50AD716E-113F-4EA8-8FC9-51D1C0757C30}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/12 22:09:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/12 10:34:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew Abrahamson\Desktop\OTL.exe
[2011/11/12 10:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/11/12 10:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/11/12 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/11/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\Desktop\RK_Quarantine
[2011/11/10 23:29:49 | 000,000,000 | R--D | C] -- C:\Users\Matthew Abrahamson\Documents\Notes
[2011/11/10 23:26:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2011/11/10 23:26:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/11/10 23:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2011/11/10 22:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/11/10 22:17:09 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Malwarebytes
[2011/11/10 22:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/10 22:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/10 22:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/10 22:00:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Sammsoft
[2011/11/10 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\Desktop\Backup
[2011/11/09 23:58:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 16:49:42 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthew Abrahamson\Desktop\TDSSKiller.exe
[2011/11/07 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Sun
[2011/11/06 22:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/11/06 17:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/11/06 17:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/11/06 13:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
[2011/11/06 13:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects
[2011/11/06 12:53:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/11/06 12:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011/11/01 11:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2011/11/01 11:53:06 | 000,140,760 | ---- | C] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2011/11/01 11:53:06 | 000,107,336 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2011/11/01 11:53:06 | 000,091,832 | ---- | C] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2011/11/01 11:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/11/01 11:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2011/10/30 20:54:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies
[2011/10/29 12:31:39 | 000,000,000 | ---D | C] -- C:\Windows\RegBak
[2011/10/28 17:01:10 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2011/10/28 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/10/28 16:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{5D7316EC-0EDC-4C87-A589-9244C286BC92}
[2011/10/28 16:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/10/28 14:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2011/10/28 14:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2011/10/28 12:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/10/28 12:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/10/28 12:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/10/28 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/10/28 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/10/28 11:25:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/10/28 11:24:35 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/10/28 11:24:35 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/10/28 11:24:35 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/10/28 11:24:34 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/10/28 11:24:34 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/10/28 11:24:31 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/10/28 11:24:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/10/28 11:24:31 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/10/28 11:24:31 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/10/28 11:24:31 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/10/28 11:24:31 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/10/28 11:24:29 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/10/28 11:24:29 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/10/28 11:24:27 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/10/28 11:24:27 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/10/28 11:24:27 | 000,338,848 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/10/28 11:24:26 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/10/28 11:24:25 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/10/28 11:24:25 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/10/28 11:24:25 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/10/28 11:24:25 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/10/28 11:24:25 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/10/28 11:24:25 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/10/28 11:24:25 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/10/28 11:24:25 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/10/28 11:24:25 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/10/28 11:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeviceVM
[2011/10/27 23:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011/10/27 23:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite
[2011/10/27 23:44:40 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2011/10/27 23:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/10/27 23:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axara
[2011/10/27 23:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axara
[2011/10/27 23:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2011/10/27 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/10/27 23:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/10/27 22:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2011/10/27 22:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2011/10/27 21:45:29 | 000,000,000 | ---D | C] -- C:\EPSON EPP 22301
[2011/10/27 21:34:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\Documents\EpsonNet Config V3
[2011/10/27 21:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2011/10/27 21:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2011/10/27 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Roaming\GlarySoft
[2011/10/27 17:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011/10/27 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2011/10/27 16:01:13 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\IsolatedStorage
[2011/10/27 15:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic
[2011/10/27 11:22:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/26 19:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/10/26 16:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/26 15:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/10/20 22:08:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/17 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/17 10:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/17 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/17 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/17 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/17 10:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/15 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\{814137EA-F12D-4DF2-B908-74603BF4E6B6}
[2011/10/15 09:01:12 | 000,000,000 | ---D | C] -- C:\Users\Matthew Abrahamson\AppData\Local\{180F2329-511F-4013-9965-1CD9FB62285C}
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/12 22:18:07 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 22:18:07 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/12 22:11:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/11/12 22:11:06 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/12 22:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/12 22:10:44 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/12 22:09:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/11/12 21:27:04 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/12 14:18:02 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011/11/12 10:25:28 | 000,744,960 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\RogueKiller.exe
[2011/11/11 21:18:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew Abrahamson\Desktop\OTL.exe
[2011/11/10 22:16:54 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 22:07:03 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/09 21:11:27 | 000,421,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 16:49:42 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthew Abrahamson\Desktop\TDSSKiller.exe
[2011/11/06 21:31:07 | 000,688,128 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Database1.accdb
[2011/11/06 20:52:04 | 000,589,824 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\WAACC.accdb
[2011/11/06 13:32:20 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\NetObjects Fusion Essentials.lnk
[2011/11/06 12:53:33 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2011/11/06 12:50:43 | 000,001,291 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/06 00:59:20 | 000,001,103 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Glary Utilities.lnk
[2011/11/05 23:15:35 | 546,430,879 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/05 12:40:51 | 005,129,328 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_05-11-2011-12.31PM.zip
[2011/11/05 12:40:39 | 000,000,600 | ---- | M] () -- C:\Users\Matthew Abrahamson\AppData\Local\PUTTY.RND
[2011/11/05 12:28:35 | 002,595,600 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs.exe
[2011/11/04 22:28:08 | 000,746,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/04 22:28:08 | 000,644,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/04 22:28:08 | 000,117,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/04 22:27:49 | 000,002,669 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Music Player.lnk
[2011/11/04 22:27:49 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Music Player.lnk
[2011/11/04 22:23:38 | 000,738,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/04 20:26:19 | 001,945,600 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Issues Web Database.accdb
[2011/11/02 19:59:53 | 004,930,394 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_02-11-2011-07.50PM.zip
[2011/11/01 12:23:44 | 000,000,802 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Webroot Secure Anywhere.lnk
[2011/11/01 11:53:06 | 000,140,760 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2011/11/01 11:53:06 | 000,107,336 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2011/11/01 11:53:06 | 000,091,832 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2011/11/01 11:07:37 | 000,000,060 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\RegOpt.ini
[2011/10/31 19:23:55 | 000,377,066 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Circular.pdf
[2011/10/29 12:30:20 | 000,313,708 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\regbak.zip
[2011/10/28 14:18:26 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2011/10/28 14:14:29 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
[2011/10/28 14:06:21 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Epson Stylus Photo TX810FW Manual.lnk
[2011/10/28 14:05:47 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/10/28 13:41:50 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/10/28 13:41:50 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/10/28 13:34:32 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/28 13:34:07 | 000,002,515 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/28 13:34:07 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/28 12:51:17 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/28 12:34:32 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/28 12:22:36 | 000,001,168 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/10/28 11:40:32 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2011/10/28 11:31:52 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011/10/27 23:58:47 | 000,002,226 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Level Editor.lnk
[2011/10/27 23:58:47 | 000,002,212 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Mario Forever.lnk
[2011/10/27 23:58:47 | 000,002,176 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Softendo Games World.lnk
[2011/10/27 23:52:49 | 000,002,165 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/10/27 23:52:49 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2011/10/27 23:44:51 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011/10/27 23:27:15 | 000,001,222 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Axara Video Converter.lnk
[2011/10/27 23:19:56 | 000,001,092 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\Sweet Home 3D.lnk
[2011/10/27 23:18:08 | 000,001,149 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Ogg Converter.lnk
[2011/10/27 23:17:18 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\AMR Player.lnk
[2011/10/27 23:09:30 | 000,001,874 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/10/27 23:09:30 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/27 22:23:02 | 000,002,507 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 22:21:59 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 22:17:11 | 000,001,111 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\EVGA Precision.lnk
[2011/10/27 21:51:30 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2011/10/27 21:42:11 | 000,000,179 | ---- | M] () -- C:\Users\Public\Desktop\PIXELA Product Registration.url
[2011/10/27 21:42:11 | 000,000,176 | ---- | M] () -- C:\Users\Public\Desktop\Everio Media Browser Homepage.url
[2011/10/27 21:41:55 | 000,001,244 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2011/10/27 21:41:55 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Everio Media Browser HD Edition.lnk
[2011/10/27 21:41:55 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\Everio Media Browser Player.lnk
[2011/10/27 21:16:45 | 000,002,240 | ---- | M] () -- C:\Users\Public\Desktop\Presto! Page Manager.lnk
[2011/10/27 21:16:21 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2011/10/27 13:28:31 | 008,210,991 | ---- | M] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_27-10-2011-01.10PM.zip
[2011/10/27 11:47:51 | 000,000,712 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/26 13:11:49 | 000,000,718 | ---- | M] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/19 11:22:52 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
[2011/10/19 11:22:34 | 000,019,576 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2011/10/16 18:28:48 | 000,077,049 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 3.PDF
[2011/10/16 18:28:14 | 000,077,064 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 2.PDF
[2011/10/16 18:25:53 | 001,297,167 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Specimen.pdf
[2011/10/16 18:25:41 | 000,077,061 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 1.PDF
[2011/10/16 15:18:09 | 000,020,214 | ---- | M] () -- C:\Users\Matthew Abrahamson\Documents\test.xps
[2011/10/15 09:08:05 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/12 10:25:30 | 000,744,960 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\RogueKiller.exe
[2011/11/10 22:16:54 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 22:07:03 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/07 23:07:51 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
[2011/11/06 20:51:02 | 000,688,128 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Database1.accdb
[2011/11/06 13:32:20 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\NetObjects Fusion Essentials.lnk
[2011/11/06 12:53:33 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2011/11/05 20:05:29 | 000,589,824 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\WAACC.accdb
[2011/11/05 12:39:28 | 005,129,328 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_05-11-2011-12.31PM.zip
[2011/11/05 12:29:55 | 002,595,600 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs.exe
[2011/11/04 22:27:49 | 000,002,669 | ---- | C] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Music Player.lnk
[2011/11/04 22:27:49 | 000,002,657 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Music Player.lnk
[2011/11/04 20:20:57 | 001,945,600 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Issues Web Database.accdb
[2011/11/02 19:58:38 | 004,930,394 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_02-11-2011-07.50PM.zip
[2011/11/01 12:23:44 | 000,000,802 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\Webroot Secure Anywhere.lnk
[2011/10/31 19:23:55 | 000,377,066 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Circular.pdf
[2011/10/29 19:29:03 | 000,000,060 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\RegOpt.ini
[2011/10/29 12:30:17 | 000,313,708 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\regbak.zip
[2011/10/28 14:18:54 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011/10/28 14:18:26 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2011/10/28 14:14:29 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
[2011/10/28 14:06:21 | 000,002,356 | ---- | C] () -- C:\Users\Public\Desktop\Epson Stylus Photo TX810FW Manual.lnk
[2011/10/28 13:55:58 | 546,430,879 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/28 13:40:55 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/10/28 13:40:55 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/10/28 13:34:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/28 13:34:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/10/28 13:34:32 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/10/28 13:34:07 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/28 13:34:07 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/28 12:51:17 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/28 12:34:32 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/28 11:40:32 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2011/10/27 23:52:49 | 000,002,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2011/10/27 23:52:49 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Kodak EasyShare.lnk
[2011/10/27 23:44:51 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011/10/27 23:27:15 | 000,001,222 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\Axara Video Converter.lnk
[2011/10/27 23:17:18 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\AMR Player.lnk
[2011/10/27 23:10:51 | 000,486,766 | ---- | C] () -- C:\Windows\CLBUDF.tbl
[2011/10/27 23:09:30 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/10/27 23:09:30 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/27 22:23:02 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 22:21:59 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 5.0.lnk
[2011/10/27 21:51:30 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2011/10/27 21:42:11 | 000,000,179 | ---- | C] () -- C:\Users\Public\Desktop\PIXELA Product Registration.url
[2011/10/27 21:42:11 | 000,000,176 | ---- | C] () -- C:\Users\Public\Desktop\Everio Media Browser Homepage.url
[2011/10/27 21:41:55 | 000,001,244 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2011/10/27 21:41:55 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Everio Media Browser HD Edition.lnk
[2011/10/27 21:41:55 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\Everio Media Browser Player.lnk
[2011/10/27 21:28:57 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/10/27 21:16:45 | 000,002,240 | ---- | C] () -- C:\Users\Public\Desktop\Presto! Page Manager.lnk
[2011/10/27 17:16:16 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/10/27 17:16:12 | 000,001,103 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\Glary Utilities.lnk
[2011/10/27 15:59:06 | 000,746,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/27 13:28:18 | 000,000,600 | ---- | C] () -- C:\Users\Matthew Abrahamson\AppData\Local\PUTTY.RND
[2011/10/27 13:26:37 | 008,210,991 | ---- | C] () -- C:\Users\Matthew Abrahamson\Desktop\wlogs_Vista_27-10-2011-01.10PM.zip
[2011/10/27 11:47:40 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/26 13:11:49 | 000,000,718 | ---- | C] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/16 18:28:48 | 000,077,049 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 3.PDF
[2011/10/16 18:28:13 | 000,077,064 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 2.PDF
[2011/10/16 18:25:51 | 001,297,167 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Specimen.pdf
[2011/10/16 18:25:40 | 000,077,061 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 1.PDF
[2011/10/16 15:18:08 | 000,020,214 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\test.xps
[2010/12/09 11:40:57 | 000,010,752 | ---- | C] () -- C:\Users\Matthew Abrahamson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/03 20:01:34 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010/11/27 09:22:40 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/27 09:22:40 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/26 23:51:32 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/11/26 23:21:17 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/11/26 23:21:17 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/11/26 23:21:17 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/11/26 23:21:17 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/11/26 23:21:17 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/11/26 23:21:17 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/11/26 23:21:17 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/11/26 23:21:17 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/11/26 23:21:17 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/11/26 23:21:17 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/11/26 23:21:17 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/11/26 23:21:17 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/11/26 23:21:17 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/11/26 23:21:17 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/11/26 23:21:17 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/11/26 23:21:17 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/11/26 23:21:17 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/11/26 23:21:17 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/11/26 23:21:17 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/11/26 21:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/26 21:30:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/11/26 21:27:39 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/27 15:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/05/19 11:33:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe

========== LOP Check ==========

[2011/11/12 22:11:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\.oit
[2010/11/27 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Axara
[2010/11/26 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\DisplayTune
[2011/11/10 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Epson
[2010/12/18 11:17:12 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2011/11/10 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\GetRightToGo
[2011/11/10 20:49:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\GlarySoft
[2011/11/10 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\ICAClient
[2010/12/18 09:56:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\iMesh
[2010/12/09 13:32:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Imesh MP3 Downloader
[2011/01/25 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\NewSoft
[2011/10/27 16:00:39 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Nokia
[2010/12/01 19:17:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\PC Suite
[2011/11/10 23:31:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Sammsoft
[2010/11/27 09:11:21 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\Skinux
[2011/10/15 09:08:05 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/11/12 14:18:02 | 000,000,278 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2011/11/12 22:11:07 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011/10/27 21:58:15 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Edited by Essexboy, 12 November 2011 - 11:17 AM.

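Added example, not part of the thread and not OTL's own code: a small Python triage script for the kind of OTL log posted above. It parses the "Files - Created" and "LOP Check" line format, then flags entries whose timestamp falls in a window around the infection time the topic starter reported (26/10/2011, about 1:30pm, machine-local time), entries dropped directly under C:\Windows or into a drivers directory, and entries carrying hidden or system attributes. The window width and the location rules are assumptions chosen for illustration, the sample lines are a constructed subset of the log above, and a flag means "look at this", not "this is malicious".

```python
"""Timeline triage of OTL file lines around a reported infection time.

Added example for this thread, not OTL's own code. It parses lines in the
shape OTL prints in its "Files - Created" and "LOP Check" sections:

    [yyyy/mm/dd hh:mm:ss | size | attrs | C] () -- path
    [yyyy/mm/dd hh:mm:ss | size | attrs | M] -- path

and flags entries inside a window around the incident time, in locations
worth a second look, or with hidden/system attributes. Flags mean "review",
not "malicious". Window width and location rules are assumptions.
"""
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple

# From the first post in the thread: symptoms began 26/10/2011 at about 1:30pm
# (machine-local time, the same clock the log timestamps use).
INCIDENT_START = datetime(2011, 10, 26, 13, 30)

# Constructed sample: six lines in OTL's format (a subset of the log above).
SAMPLE_LOG = r"""
[2011/10/28 13:34:07 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/10/27 11:47:40 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/10/26 13:11:49 | 000,000,718 | ---- | C] () -- C:\Users\Matthew Abrahamson\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/16 18:28:48 | 000,077,049 | ---- | C] () -- C:\Users\Matthew Abrahamson\Documents\Timesheet 3.PDF
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/11/12 22:11:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew Abrahamson\AppData\Roaming\.oit
"""

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\(\) )?-- (?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str   # OTL attribute flags, e.g. "--S-" (system), "---D" (directory)
    kind: str    # "C" = created (Files - Created), "M" = modified (LOP Check)
    path: str


def parse_otl_lines(text: str) -> List[Entry]:
    """Return one Entry per OTL file line; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),   # "000,002,503" -> 2503
            attrs=m["attrs"],
            kind=m["kind"],
            path=m["path"],
        ))
    return entries


def in_review_location(path: str) -> bool:
    """Assumed rule: files dropped directly under C:\\Windows, or anywhere in a
    drivers directory, deserve a look in a rootkit case."""
    p = path.lower()
    if not p.startswith("c:\\windows\\"):
        return False
    rest = p[len("c:\\windows\\"):]
    if "\\" not in rest:
        return True                 # e.g. C:\Windows\something.tbl
    return "\\drivers\\" in p       # e.g. C:\Windows\SysNative\drivers\x.cfg


def triage(entries: List[Entry], incident_start: datetime,
           days_after: int = 3, slack_before: timedelta = timedelta(hours=1)
           ) -> List[Tuple[Entry, List[str]]]:
    """Return flagged entries with the reasons they were flagged, oldest first."""
    lo = incident_start - slack_before
    hi = incident_start + timedelta(days=days_after)
    flagged = []
    for e in entries:
        reasons = []
        if lo <= e.ts <= hi:
            reasons.append("timestamp inside incident window")
        if in_review_location(e.path):
            reasons.append("sensitive location")
        if "H" in e.attrs or "S" in e.attrs:
            reasons.append("hidden/system attribute")
        if reasons:
            flagged.append((e, reasons))
    flagged.sort(key=lambda item: item[0].ts)
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_otl_lines(SAMPLE_LOG), INCIDENT_START):
        print(f"{entry.ts:%Y-%m-%d %H:%M:%S}  {entry.path}\n    {'; '.join(reasons)}")
```

To use it on a saved OTL.txt, pass the file contents to parse_otl_lines(); the timestamps OTL prints are machine-local, so give triage() the incident time on the same clock.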

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have a TDL4 rootkit - I would like to find out which variant it is though, then we will revisit the files/folders.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#7
Matt A

    Member

  • Topic Starter
  • Member
  • 11 posts
Thanks for that.

I had previously downloaded the TDSSKiller program. When I follow your instructions, it does not detect any items.

I have, though, included all logs from running TDSSKiller, in case something was picked up in previous runs. I have to attach these over two posts, so please bear with me on that.

I hope this helps.

Thanks.

Edited by Matt A, 12 November 2011 - 07:56 PM.


#8
Matt A

    Member

  • Topic Starter
  • Member
  • 11 posts
Here is the second lot of logs...


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That confirms the variant: aswMBR found it as a hidden element, and therefore TDSSKiller could not find it. This can only be repaired via the recovery disc.

22:29:40.863 Disk 0 MBR:Alureon-I [Rtk]
22:29:40.873 Disk 0 TDL4@MBR code has been found
22:29:40.883 Disk 0 Windows 7 default MBR code found via API
22:29:40.893 Disk 0 MBR hidden
22:29:40.893 Disk 0 MBR [TDL4] **ROOTKIT**
22:29:40.893 Disk 0 trace - called modules:


Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a CD-R or DVD-R type of optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.




When you reboot you will see this, although yours will say Windows 7. Click repair my computer.

Select your operating system

Select Command prompt

At the command prompt type the following

  • Bootrec.exe /FixMbr
  • Once finished type Exit


Reboot to normal Windows and run MBRcheck again, please.
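Added example, not aswMBR's code and not something Essexboy posted: what the "Windows 7 default MBR code found via API" and "MBR hidden" pair in the log above means, in code. A bootkit that hooks the disk stack can hand a clean sector 0 back to anything reading it through the running OS while the real sector 0 holds its loader; TDL4 replaces the MBR boot code and leaves the partition table in place, which is why booting from the repair disc and running Bootrec.exe /FixMbr (which rewrites the boot code without touching the partition table) is the fix. The script parses a 512-byte MBR, hashes the 440-byte boot-code region, and compares an "API view" with a "raw view". Both sample sectors are constructed with placeholder boot code and the known-good hash is computed from the constructed clean sector; in real use the API view would be sector 0 of \\.\PhysicalDrive0 read from inside Windows, while the raw view and the known-good hash have to come from outside the running OS (the repair disc, or a clean reference machine). Those sources are assumptions, not something this thread shows.

```python
"""Compare two views of a disk's MBR to spot a hidden (hooked) boot sector.

Added example for this thread, not aswMBR's code. Parses a 512-byte MBR,
hashes the 440-byte boot-code region and compares the sector seen through the
OS ("API view") with the sector read below it ("raw view"). Sample sectors
are constructed with placeholder boot code; the known-good hash is derived
from the constructed clean sector and would come from a trusted reference
in real use.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0..439; the 4-byte disk signature follows
PART_TABLE_OFF = 446    # four 16-byte entries, then the 0x55AA signature


@dataclass
class Partition:
    bootable: bool
    type_id: int        # 0x07 = NTFS/exFAT
    lba_start: int
    sectors: int


@dataclass
class MBR:
    boot_code: bytes
    disk_signature: int
    partitions: List[Partition]
    valid_signature: bool


def parse_mbr(sector: bytes) -> MBR:
    """Split a raw sector into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        fields = struct.unpack_from("<BBBBBBBBII", sector, PART_TABLE_OFF + 16 * i)
        status, ptype, lba, size = fields[0], fields[4], fields[8], fields[9]
        if ptype != 0:                       # type 0 marks an unused slot
            parts.append(Partition(status == 0x80, ptype, lba, size))
    return MBR(boot_code=sector[:BOOT_CODE_LEN],
               disk_signature=struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
               partitions=parts,
               valid_signature=sector[510:512] == b"\x55\xAA")


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the boot-code region only (partition table excluded)."""
    return hashlib.sha256(parse_mbr(sector).boot_code).hexdigest()


def compare_views(api_view: bytes, raw_view: bytes, known_good_hash: str) -> Dict[str, object]:
    """Classify the pair. A TDL4-style bootkit replaces the boot code but keeps
    the partition table, so 'hidden + table preserved' is the telling pattern."""
    api, raw = parse_mbr(api_view), parse_mbr(raw_view)
    api_ok = boot_code_hash(api_view) == known_good_hash
    raw_ok = boot_code_hash(raw_view) == known_good_hash
    hidden = api_view != raw_view
    table_same = api.partitions == raw.partitions
    if not hidden and raw_ok:
        verdict = "clean"
    elif hidden and api_ok and not raw_ok and table_same:
        verdict = "hidden MBR: boot code replaced below the API view"
    elif not api_ok:
        verdict = "modified MBR visible through the API"
    else:
        verdict = "inconsistent views, inspect manually"
    return {"api_boot_code_known_good": api_ok, "raw_boot_code_known_good": raw_ok,
            "mbr_hidden": hidden, "partition_table_preserved": table_same,
            "verdict": verdict}


def build_mbr(boot_code: bytes, disk_signature: int, partitions: List[Partition]) -> bytes:
    """Assemble a sector for the constructed samples (CHS fields left zero)."""
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    struct.pack_into("<I", sec, BOOT_CODE_LEN, disk_signature)
    for i, p in enumerate(partitions):
        struct.pack_into("<BBBBBBBBII", sec, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, 0, 0, 0, p.type_id, 0, 0, 0,
                         p.lba_start, p.sectors)
    sec[510:512] = b"\x55\xAA"
    return bytes(sec)


# Constructed samples: placeholder boot code, a bootable NTFS system partition
# plus one data partition; both views share the same partition table.
SAMPLE_PARTITIONS = [Partition(True, 0x07, 2048, 204800),
                     Partition(False, 0x07, 206848, 1000000)]
CLEAN_BOOT_CODE = b"CONSTRUCTED-CLEAN-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x00")
HOOKED_BOOT_CODE = b"CONSTRUCTED-HOOKED-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x00")
SAMPLE_API_VIEW = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)
SAMPLE_RAW_VIEW = build_mbr(HOOKED_BOOT_CODE, 0x1234ABCD, SAMPLE_PARTITIONS)
KNOWN_GOOD_HASH = boot_code_hash(SAMPLE_API_VIEW)

if __name__ == "__main__":
    for key, value in compare_views(SAMPLE_API_VIEW, SAMPLE_RAW_VIEW, KNOWN_GOOD_HASH).items():
        print(f"{key}: {value}")
```

The hash covers only the boot-code bytes on purpose: the disk signature and partition table legitimately differ from machine to machine, so a whole-sector hash would never match a reference, while the 440-byte boot code is what a bootkit has to change and what /FixMbr rewrites.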

#10
Matt A

    Member

  • Topic Starter
  • Member
  • 11 posts
Hello Essexboy,

Thanks for your response. It looks like we are getting there!

I followed your instructions to the point where I created the SRD. I closed the dialogue windows and restarted my system. The first time, it went through to the login screen. So I rebooted and pressed F8 - the same menu where I can select Safe Mode etc. I had an option that said repair computer, but did not see any option to open the command prompt. I tried again, this time by selecting F12 on boot up. This allowed me to boot from the CD. I selected repair computer, but again, no command prompt.

Windows did actually detect and repair something, but I could kick myself as I did not write it down.

Any advice?



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-run aswMBR from normal mode.

When you ran the disc, did you get these screens?


When you reboot you will see this, although yours will say Windows 7. Click repair my computer.

Select your operating system

Select Command prompt

#12
Matt A

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi Essexboy,

Thanks for that. I worked it out - I had a screen that required me to select a language. Once I did that, I got to the right screen.

I carried out the instructions as indicated and re-ran the aswMBR again. THe log is attached.

Thanks


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, it is still reporting it - are you still getting redirects?

#14
Matt A

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi Essexboy,

Yes - still getting the redirects...

Should I re-try the SRD process again?

Thanks

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please - there is another command that we could use there, but I need to confirm the validity.