McAfee keeps popping up with trojan detected



#1
sean.dbtrader

McAfee Security Center keeps popping up with a message that malicious software was detected and removed successfully. It refers to it as ZeroAccess located in c:\windows\installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\U.

However, since the message keeps popping up I'm guessing that McAfee hasn't solved the root of the problem. Can you help me find and remove the issue?

Below is the OTL Scan:

OTL logfile created on: 8/15/2012 12:16:46 PM - Run 13
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.49% Memory free
15.92 Gb Paging File | 11.73 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.56 Gb Total Space | 609.62 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 655.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 698.64 Gb Total Space | 93.45 Gb Free Space | 13.38% Space Free | Partition Type: NTFS

Computer Name: DELLXPSWIN7 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 12:10:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/05 08:47:18 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/06/05 08:45:56 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
PRC - [2012/06/05 08:06:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/06/04 19:23:12 | 001,061,552 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/03/27 05:40:49 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/03/14 05:05:52 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgr.exe
PRC - [2012/03/14 05:05:52 | 000,050,552 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\dbextclr11.exe
PRC - [2012/03/14 05:01:04 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2012/02/15 15:38:52 | 001,894,800 | ---- | M] (TradeStation Technologies, Inc.) -- C:\Program Files (x86)\TradeStation 9.0\Program\TSDev.exe
PRC - [2012/02/15 15:08:52 | 000,457,728 | ---- | M] (TradeStation Technologies, Inc.) -- C:\Program Files (x86)\TradeStation 9.0\Program\WHServer.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/11/07 17:16:12 | 014,767,976 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/07/15 06:53:02 | 000,546,200 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2010/04/02 03:33:22 | 001,359,872 | ---- | M] (Emerald Editor Community) -- C:\Program Files (x86)\Emerald Editor Community\Crimson Editor SVN286\cedt.exe
PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 11:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/02/27 19:02:30 | 001,159,168 | R--- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\AstSrv.exe
PRC - [2005/09/23 07:01:18 | 000,464,064 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
PRC - [2005/09/23 07:01:16 | 000,112,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\mspdbsrv.exe
PRC - [2003/07/29 21:49:34 | 000,024,576 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Quicken\qw.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/08 00:39:09 | 000,133,008 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\LP_FeaturesBridge.DLL
MOD - [2012/06/05 08:47:10 | 000,110,480 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\Webification.DLL
MOD - [2012/06/05 08:47:02 | 000,121,232 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\ReportBridge.DLL
MOD - [2012/06/05 08:46:50 | 000,138,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBMAPILibrary.dll
MOD - [2012/06/05 08:46:44 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBCompressor.DLL
MOD - [2012/06/05 08:46:40 | 000,070,032 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QB2WPFBridge.dll
MOD - [2012/06/05 08:46:30 | 000,042,384 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\mbpopup.dll
MOD - [2012/06/05 08:46:28 | 000,093,072 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\IPDWidgetInterop.dll
MOD - [2012/06/05 08:46:28 | 000,082,832 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\IPDWidgetBridge.DLL
MOD - [2012/06/05 08:46:24 | 000,057,744 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\htmlhelper.dll
MOD - [2012/06/05 08:46:20 | 000,399,248 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\FeaturesBridge.DLL
MOD - [2012/06/05 08:46:06 | 000,176,528 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/06/05 08:46:04 | 000,268,688 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/06/05 08:46:02 | 000,380,304 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\BackupLib.dll
MOD - [2012/06/01 16:02:38 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5f87ce37969e43d352f29d2064b68b3e\Microsoft.VisualStudio.Shell.Design.ni.dll
MOD - [2012/06/01 16:02:06 | 001,124,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a827629e57abafdbeb4fd8768621a2f8\Microsoft.VisualStudio.Design.ni.dll
MOD - [2012/06/01 16:02:01 | 000,666,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7a91d649678375057bb1fc7cfef0a379\Microsoft.VisualStudio.ni.dll
MOD - [2012/06/01 15:58:01 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5288ab86c56e7e057a09ecd5b94f3754\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
MOD - [2012/06/01 15:57:59 | 000,838,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\79ff3493d51e8240e154cfeda854c5cc\Microsoft.VisualStudio.Shell.ni.dll
MOD - [2012/06/01 15:57:59 | 000,577,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bcfaa65924b82c1e6fcadfa0e942e71b\Microsoft.VisualStudio.Shell.Interop.ni.dll
MOD - [2012/06/01 15:57:59 | 000,373,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b109dd43c9480dca0225b5b7dc399e86\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
MOD - [2012/06/01 15:57:59 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9ba0792a761f8d0113086ea6c2cbb6d4\Microsoft.VisualStudio.OLE.Interop.ni.dll
MOD - [2012/06/01 15:57:42 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\5b8667c6746bd6dff357a27fe2d5aa3a\EnvDTE.ni.dll
MOD - [2012/06/01 14:55:50 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\4fe5471456fef11742180706a67d6d7f\System.Design.ni.dll
MOD - [2012/06/01 14:55:50 | 000,208,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\00eb13ee45b1b1d9e1286b12b629732f\System.Drawing.Design.ni.dll
MOD - [2012/06/01 14:55:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/01 14:55:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
MOD - [2012/06/01 14:55:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
MOD - [2012/06/01 14:55:11 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/06/01 14:55:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/01 14:54:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/01 14:54:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/01 14:54:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/01 14:54:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/06/01 12:15:54 | 006,307,160 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\PrintEng.dll
MOD - [2012/04/22 12:46:18 | 013,325,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\8e3c1cec16dfb531846f357a17e3a77a\System.Data.Entity.ni.dll
MOD - [2012/04/22 12:44:25 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\6f4a1ba24dffa86dd2a2ab8127e0b16d\UIAutomationProvider.ni.dll
MOD - [2012/04/22 12:44:21 | 001,189,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\22e03bf9d011ac30fd9dd559902d392b\System.Data.OracleClient.ni.dll
MOD - [2012/04/22 12:44:16 | 011,993,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\2c306c4d9e8432414a751bee248b79ed\System.Web.ni.dll
MOD - [2012/04/22 12:44:09 | 000,786,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
MOD - [2012/04/22 12:44:09 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.Wrapper.dll
MOD - [2012/04/22 12:44:08 | 000,646,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
MOD - [2012/04/22 12:44:05 | 002,637,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d04876810fa42d76546c5f1239f82943\System.Runtime.Serialization.ni.dll
MOD - [2012/04/22 12:44:04 | 000,391,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
MOD - [2012/04/22 12:44:03 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
MOD - [2012/04/22 12:23:51 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2012/04/22 12:23:42 | 006,798,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
MOD - [2012/04/22 12:23:34 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2ad394c477fc1c71c900c892d7fce0b\PresentationFramework.Aero.ni.dll
MOD - [2012/04/22 12:23:33 | 017,671,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
MOD - [2012/04/22 12:23:24 | 011,106,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
MOD - [2012/04/22 12:23:17 | 003,798,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
MOD - [2012/04/22 12:23:14 | 000,729,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\c12a8284683ba6b400a4562da310ce59\System.Security.ni.dll
MOD - [2012/04/22 12:23:14 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
MOD - [2012/04/22 12:23:12 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2012/04/22 12:23:09 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
MOD - [2012/04/22 12:23:07 | 007,054,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2012/04/22 12:23:02 | 009,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2012/04/22 12:22:58 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2012/03/14 05:06:28 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\zlib1.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/09/13 13:12:17 | 000,761,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommonIDE.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007/06/26 20:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/10/12 15:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2003/07/29 21:51:02 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Quicken\xmlparse_tok.dll
MOD - [2003/07/29 21:51:02 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Quicken\xmlparse.dll
MOD - [2003/07/29 21:51:00 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Quicken\alrtint8.dll
MOD - [2003/07/29 21:51:00 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Quicken\qcomutil.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/04 19:15:02 | 006,724,272 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/12/10 15:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\SysNative\svchost.exe -- (SharedAccess)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2012/08/14 15:04:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 07:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 08:06:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/03/14 05:06:32 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/05/21 05:29:52 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/21 05:18:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\SysWow64\\AstSrv.exe -- (Ast Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 23:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/06 21:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A24E3311-6099-4742-B8EF-15239EF478D3}
IE:64bit: - HKLM\..\SearchScopes\{A24E3311-6099-4742-B8EF-15239EF478D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}
IE - HKLM\..\SearchScopes\{BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/23 09:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 18:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/27 18:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2012/05/02 10:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xc5oz44y.default\extensions
[2012/04/27 18:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/23 16:58:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120623061227.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120623061227.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~2\Zend\ZENDST~1.2\toolbars\ZENDIE~1.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] T.EXE" File not found
O4:64bit: - HKLM..\Run: [itype] TELLITYPE PRO\ITYPE.EXE" File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] 64 File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] TRY THXCFG64 File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] DOWSMOBILE\WMDC.EXE File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [obtwtqvv] "C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe" File not found
O4 - HKCU..\Run: [SearchEngineProtection] "C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe" /c C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D490E2E-9AE1-4F1F-83A3-C7FC20351125}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A407679-27E4-4AEF-A01C-8BBB2D930DF9}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/20 08:53:20 | 003,895,296 | R--- | M] (Ubi Soft Entertainment) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/04/27 08:29:08 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 12:10:05 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2012/08/14 20:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/09 09:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2012/08/08 08:00:21 | 003,431,902 | ---- | C] (TradeTheMarkets.com ) -- C:\Users\Sean\Desktop\TTM Squeeze MC Setup 64.exe
[2012/08/07 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\TradeTheMarkets
[2012/08/06 14:48:40 | 000,106,496 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\DBTCustomerCheck.dll
[2012/08/06 09:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rob Hoffman
[2012/08/06 09:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RobHoffman
[2012/08/06 09:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RobHoffman
[2012/08/06 07:22:56 | 000,098,304 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\HoffmanCustomerCheck.dll
[2012/07/30 15:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\TS Support
[2012/07/30 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCharts64
[2012/07/30 15:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCharts
[2012/07/26 10:18:53 | 000,000,000 | ---D | C] -- C:\Test
[1 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012/08/15 12:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001UA.job
[2012/08/15 12:19:01 | 000,000,337 | ---- | M] () -- C:\Windows\cedt.INI
[2012/08/15 12:10:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2012/08/15 12:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/15 06:14:35 | 000,000,590 | ---- | M] () -- C:\Windows\tasks\TradeStation Backup - Daily.job
[2012/08/14 20:24:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001Core.job
[2012/08/14 15:04:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 15:04:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/13 19:26:22 | 000,001,365 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/08/13 11:07:49 | 000,000,043 | ---- | M] () -- C:\Windows\WALLSTRT.INI
[2012/08/08 09:02:17 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7 Host.lnk
[2012/08/08 08:01:03 | 003,431,902 | ---- | M] (TradeTheMarkets.com ) -- C:\Users\Sean\Desktop\TTM Squeeze MC Setup 64.exe
[2012/08/07 08:05:33 | 000,257,024 | ---- | M] () -- C:\Windows\SysNative\TTMMCCheck64.dll
[2012/08/06 14:48:40 | 001,379,328 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.pdb
[2012/08/06 14:48:40 | 000,106,496 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\DBTCustomerCheck.dll
[2012/08/06 14:48:39 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.lib
[2012/08/06 14:48:39 | 000,000,764 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.exp
[2012/08/06 07:22:56 | 001,215,488 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.pdb
[2012/08/06 07:22:56 | 000,098,304 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\HoffmanCustomerCheck.dll
[2012/08/06 07:22:56 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.lib
[2012/08/06 07:22:56 | 000,000,775 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.exp
[2012/08/04 20:31:20 | 000,849,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 20:31:20 | 000,710,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 20:31:20 | 000,139,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 14:25:36 | 009,899,008 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.pdb
[2012/08/03 14:25:36 | 004,838,392 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.ilk
[2012/08/03 14:25:36 | 002,269,184 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.dll
[2012/08/03 04:46:56 | 059,884,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/07/31 07:44:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 07:44:08 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 15:53:51 | 000,001,131 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,126 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,121 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,116 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,101 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:53:51 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,159 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,149 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,129 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts PowerLanguage Editor.lnk
[2012/07/26 10:17:51 | 000,000,000 | ---- | M] () -- C:\ESM12.csv
[2012/07/26 08:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 08:54:49 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 10:54:24 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012/08/08 09:02:17 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7 Host.lnk
[2012/08/08 09:02:17 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7 Host.lnk
[2012/08/07 08:11:43 | 000,257,024 | ---- | C] () -- C:\Windows\SysNative\TTMMCCheck64.dll
[2012/08/06 07:22:56 | 001,215,488 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.pdb
[2012/08/06 07:22:56 | 000,001,968 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.lib
[2012/08/06 07:22:56 | 000,000,775 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.exp
[2012/07/30 15:53:51 | 000,001,131 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,126 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,121 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,116 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,101 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:53:51 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,159 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,149 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,129 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts PowerLanguage Editor.lnk
[2012/07/26 10:17:51 | 000,000,000 | ---- | C] () -- C:\ESM12.csv
[2012/07/19 10:18:44 | 000,000,590 | ---- | C] () -- C:\Windows\tasks\TradeStation Backup - Daily.job
[2012/06/18 10:17:19 | 000,219,648 | ---- | C] () -- C:\Windows\SysWow64\TTMMCCheck2.dll
[2012/05/31 14:40:56 | 000,199,168 | ---- | C] () -- C:\Windows\SysWow64\RoboTraderFXMT.dll
[2012/05/31 14:39:50 | 000,219,648 | ---- | C] () -- C:\Windows\SysWow64\RoboTraderFXI.dll
[2012/05/29 10:09:29 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\RTTData.dll
[2012/05/24 16:15:32 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\DBTCollections.dll
[2012/05/01 14:54:46 | 001,830,400 | ---- | C] () -- C:\Windows\SysWow64\DLLExampleWrapper.dll
[2012/04/23 15:31:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/23 15:31:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/23 15:31:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/23 15:31:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/23 15:31:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/13 15:13:03 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\@
[2012/04/13 15:13:03 | 000,002,048 | -HS- | C] () -- C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\@
[2012/04/05 19:10:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\cid2.dll
[2012/03/19 14:17:10 | 000,000,005 | -H-- | C] () -- C:\Users\Sean\.zs
[2012/03/15 09:10:45 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\RBT1GLock32.dll
[2012/03/12 13:21:26 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/21 11:07:30 | 000,254,464 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck64.dll
[2012/02/20 15:06:20 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck.dll
[2012/01/29 16:47:12 | 000,000,110 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\EA Installrecents.ini
[2012/01/06 10:39:37 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\FastFileAppend.dll
[2011/10/29 14:26:46 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoaderMC.dll
[2011/10/29 09:31:35 | 007,479,296 | ---- | C] () -- C:\Windows\SysWow64\TTM.GlobalVariable.dll
[2011/10/23 17:17:45 | 001,865,728 | ---- | C] () -- C:\Windows\SysWow64\TTMMCCheck.dll
[2011/10/06 07:11:22 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck2.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/14 13:57:29 | 003,387,392 | ---- | C] () -- C:\Windows\SysWow64\RTTDataMC.dll
[2011/08/09 19:13:56 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoader.dll
[2011/08/09 19:13:40 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoaderR.dll
[2011/07/23 07:53:27 | 007,479,296 | ---- | C] () -- C:\Windows\SysWow64\DBGV.dll
[2011/07/20 17:19:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SqlLoaderNetMC.dll
[2011/07/17 16:22:12 | 000,024,576 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.PLKit.dll
[2011/06/29 15:07:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\FTOVIWrap.dll
[2011/06/20 16:14:18 | 028,664,832 | ---- | C] () -- C:\Windows\SysWow64\PosDataVal.dll
[2011/06/02 18:57:56 | 000,000,218 | ---- | C] () -- C:\Users\Sean\.recently-used.xbel
[2011/05/24 07:29:47 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\$StiLocal.dat
[2011/05/24 07:29:47 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\$StiDesk.dat
[2011/05/24 07:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$StiTrigger.dat
[2011/05/24 07:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$StiSymInfo.dat
[2011/05/24 07:29:13 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\$StiFees.dat
[2011/05/24 07:29:13 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\$StiListExchInfo.dat
[2011/05/24 07:29:12 | 000,000,270 | ---- | C] () -- C:\Windows\SysWow64\$StiLast.ini
[2011/05/24 07:29:12 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\$StiValues.ini
[2011/05/07 15:02:58 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\RTT1Lock32.dll
[2011/05/07 15:02:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RTT1LockPW32.exe
[2011/04/27 09:32:42 | 001,868,800 | ---- | C] () -- C:\Windows\SysWow64\TTMCustomerCheck.dll
[2011/04/03 15:09:11 | 000,027,419 | ---- | C] () -- C:\Windows\WinSig.ini
[2011/04/03 15:09:11 | 000,002,980 | ---- | C] () -- C:\Windows\WinRos.ini
[2011/03/26 09:01:15 | 000,000,008 | RH-- | C] () -- C:\Users\Sean\hwid
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/10 11:25:01 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\PositionMonitor.dll
[2011/02/06 10:18:21 | 000,000,000 | ---- | C] () -- C:\Windows\regset.INI
[2011/02/06 10:17:57 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2011/02/06 10:17:56 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\LFCMP61N.DLL
[2011/02/06 10:17:56 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\Lfpng61n.dll
[2011/02/06 10:17:56 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\LTFIL61N.DLL
[2011/02/06 10:17:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK32.DLL
[2011/02/06 10:17:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/02/06 10:17:56 | 000,003,360 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK16.DLL
[2011/01/24 16:07:18 | 025,627,648 | ---- | C] () -- C:\Windows\SysWow64\FundDataVal.dll
[2011/01/14 16:12:27 | 000,325,845 | ---- | C] () -- C:\Users\Sean\AppData\Local\debuggee.mdmp
[2010/11/03 14:38:16 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\DTACollections.dll
[2010/10/07 09:15:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\Test2005.dll
[2010/09/29 16:09:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2010/09/28 15:20:52 | 002,269,184 | ---- | C] () -- C:\Windows\SysWow64\SmarterStops2.dll
[2010/08/17 19:43:49 | 005,128,192 | ---- | C] () -- C:\Windows\SysWow64\DBTGlobalVariable.dll
[2010/06/30 10:35:56 | 000,007,599 | ---- | C] () -- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
[2010/06/06 13:08:29 | 000,038,421 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/06/03 07:17:45 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC398299.trad
[2010/05/28 19:47:45 | 000,000,576 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/05/28 08:40:53 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC429288.trad

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:322EAACD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello sean.dbtrader and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, please be aware that removing malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.


#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please reopen OTL on your desktop.
  • Under the "Custom Scan / Fixes" box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [obtwtqvv] "C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe" File not found
    O4 - HKCU..\Run: [SearchEngineProtection] "C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe" /c C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe File not found
    
    :Files
    C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\
    C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

THEN

  • Run OTL
  • Select All Users
  • Now, in the Extra Registry box, click Use safe list
  • Copy the lines under the Code.
    /md5start
    services.exe
    /md5stop
    
  • Go back to the program and paste the text in red into the text box "Custom Scan / Fixes"
  • Click on Quick Scan button
  • The examination takes a while, be patient.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

FINALLY

Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

LOGS I WANT TO SEE IN YOUR NEXT REPLY:
  • OTL Fix log.
  • OTL.txt
  • Extras.txt
  • FSS.txt

  • 0
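
Added example (not part of WhiteHat's post and not OTL's own code): a Python check that the fix log requested above confirms every directive in the fix script. The confirmation line formats are taken from the fix log posted in the next reply; the function names and the PARTIAL_LOG sample are constructed for illustration, and directives in any other format are reported as unverified rather than guessed.

```python
import re

# Fix script from the post above, copied verbatim.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [obtwtqvv] "C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe" File not found
O4 - HKCU..\Run: [SearchEngineProtection] "C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe" /c C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe File not found

:Files
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\

:Commands
[CREATERESTOREPOINT]
[REBOOT]
"""

# Fix log as posted in the reply that follows in this thread.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\obtwtqvv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection deleted successfully.
========== FILES ==========
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\U folder moved successfully.
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\L folder moved successfully.
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e} folder moved successfully.
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\U folder moved successfully.
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\L folder moved successfully.
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e} folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""

# Constructed sample: the same log with the AppData\Local lines removed,
# as if that folder had not been moved.
PARTIAL_LOG = "\n".join(
    ln for ln in FIX_LOG.splitlines() if "AppData\\Local" not in ln
)

# Only the HKCU Run form appears in this thread, so only that form is mapped.
O4_RUN = re.compile(r"^O4 - HKCU\.\.\\Run: \[([^\]]+)\]")
HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"


def parse_fix_script(text):
    """Split a fix script into its sections (:OTL, :Files, :Commands)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def expected_confirmations(sections):
    """Pair each directive with the log line that would confirm it (or None)."""
    out = []
    for line in sections.get("otl", []):
        m = O4_RUN.match(line)
        want = None
        if m:
            # The log separates key and value name with a double backslash.
            want = ("Registry value " + HKCU_RUN + "\\\\" + m.group(1)
                    + " deleted successfully.")
        out.append((line, want))
    for path in sections.get("files", []):
        out.append((path, path.rstrip("\\") + " folder moved successfully."))
    for cmd in sections.get("commands", []):
        # [REBOOT] leaves no line in the posted log, so it is not checked.
        if cmd.upper() == "[CREATERESTOREPOINT]":
            out.append((cmd, "Restore point Set: OTL Restore Point"))
    return out


def unconfirmed(fix_script, fix_log):
    """Return (directive, reason) for every directive the log does not confirm."""
    seen = {ln.strip().lower() for ln in fix_log.splitlines() if ln.strip()}
    missing = []
    for directive, want in expected_confirmations(parse_fix_script(fix_script)):
        if want is None:
            missing.append((directive, "no known confirmation format"))
        elif want.lower() not in seen:
            missing.append((directive, "not confirmed in log"))
    return missing


if __name__ == "__main__":
    for name, log in (("posted log", FIX_LOG), ("partial log", PARTIAL_LOG)):
        result = unconfirmed(FIX_SCRIPT, log)
        print(name, "->", "all directives confirmed" if not result else result)
```

An empty result means every registry value and folder named in the script was reported as deleted or moved; anything returned should be followed up with a fresh scan.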

#4
sean.dbtrader

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Thank you for your help. Below are the logs. No extras log was created.

OTL Fix Log:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\obtwtqvv deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection deleted successfully.
========== FILES ==========
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\U folder moved successfully.
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e}\L folder moved successfully.
C:\Windows\Installer\{350deeed-aa3a-5863-6b67-8f733f03703e} folder moved successfully.
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\U folder moved successfully.
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e}\L folder moved successfully.
C:\Users\Sean\AppData\Local\{350deeed-aa3a-5863-6b67-8f733f03703e} folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_221950


OTL Log:

OTL logfile created on: 8/16/2012 4:00:05 AM - Run 14
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.28% Memory free
15.92 Gb Paging File | 13.61 Gb Available in Paging File | 85.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.56 Gb Total Space | 609.59 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 655.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 698.64 Gb Total Space | 93.24 Gb Free Space | 13.35% Space Free | Partition Type: NTFS

Computer Name: DELLXPSWIN7 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 12:10:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
PRC - [2012/07/16 07:37:24 | 006,849,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 07:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 07:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/05 08:47:18 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/06/05 08:45:56 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32.EXE
PRC - [2012/06/05 08:06:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/06/04 19:23:12 | 001,061,552 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 11:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/02/27 19:02:30 | 001,159,168 | R--- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\AstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/05 08:46:50 | 000,138,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBMAPILibrary.dll
MOD - [2012/06/05 08:46:44 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBCompressor.DLL
MOD - [2012/06/05 08:46:30 | 000,042,384 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\mbpopup.dll
MOD - [2012/06/05 08:46:06 | 000,176,528 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/06/05 08:46:04 | 000,268,688 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/06/05 08:46:02 | 000,380,304 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\BackupLib.dll
MOD - [2012/06/01 14:55:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/01 14:55:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
MOD - [2012/06/01 14:55:13 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
MOD - [2012/06/01 14:55:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/01 14:54:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/01 14:54:55 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/01 14:54:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/01 14:54:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/03/14 05:06:28 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2009\zlib1.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/06/26 20:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006/10/12 15:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2003/03/26 18:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/04 19:15:02 | 006,724,272 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/12/10 15:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2012/08/14 15:04:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 07:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 08:06:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/03/14 05:06:32 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/05/21 05:29:52 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/21 05:18:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\SysWow64\\AstSrv.exe -- (Ast Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 23:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/06 21:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A24E3311-6099-4742-B8EF-15239EF478D3}
IE:64bit: - HKLM\..\SearchScopes\{A24E3311-6099-4742-B8EF-15239EF478D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}
IE - HKLM\..\SearchScopes\{BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\..\SearchScopes\{BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/23 09:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 18:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/27 18:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2012/05/02 10:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xc5oz44y.default\extensions
[2012/04/27 18:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/23 16:58:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120623061227.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120623061227.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~2\Zend\ZENDST~1.2\toolbars\ZENDIE~1.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] T.EXE" File not found
O4:64bit: - HKLM..\Run: [itype] TELLITYPE PRO\ITYPE.EXE" File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] 64 File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] TRY THXCFG64 File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] DOWSMOBILE\WMDC.EXE File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3366800603-694017702-1191280905-1001\..Trusted Domains: localhost ([]* in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D490E2E-9AE1-4F1F-83A3-C7FC20351125}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A407679-27E4-4AEF-A01C-8BBB2D930DF9}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/20 08:53:20 | 003,895,296 | R--- | M] (Ubi Soft Entertainment) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/04/27 08:29:08 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 22:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/15 12:10:05 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2012/08/09 09:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2012/08/08 08:00:21 | 003,431,902 | ---- | C] (TradeTheMarkets.com ) -- C:\Users\Sean\Desktop\TTM Squeeze MC Setup 64.exe
[2012/08/07 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\TradeTheMarkets
[2012/08/06 14:48:40 | 000,106,496 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\DBTCustomerCheck.dll
[2012/08/06 09:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rob Hoffman
[2012/08/06 09:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RobHoffman
[2012/08/06 09:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RobHoffman
[2012/08/06 07:22:56 | 000,098,304 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\HoffmanCustomerCheck.dll
[2012/07/30 15:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\TS Support
[2012/07/30 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCharts64
[2012/07/30 15:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCharts
[2012/07/26 10:18:53 | 000,000,000 | ---D | C] -- C:\Test
[1 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 04:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 03:55:19 | 000,000,590 | ---- | M] () -- C:\Windows\tasks\TradeStation Backup - Daily.job
[2012/08/16 03:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001UA.job
[2012/08/15 22:31:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 22:31:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 22:24:27 | 000,486,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 22:24:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/15 22:23:48 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/15 22:18:44 | 000,000,480 | ---- | M] () -- C:\Windows\cedt.INI
[2012/08/15 20:24:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001Core.job
[2012/08/15 17:00:17 | 000,000,043 | ---- | M] () -- C:\Windows\WALLSTRT.INI
[2012/08/15 12:10:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2012/08/13 19:26:22 | 000,001,365 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/08/08 09:02:17 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7 Host.lnk
[2012/08/08 08:01:03 | 003,431,902 | ---- | M] (TradeTheMarkets.com ) -- C:\Users\Sean\Desktop\TTM Squeeze MC Setup 64.exe
[2012/08/07 08:05:33 | 000,257,024 | ---- | M] () -- C:\Windows\SysNative\TTMMCCheck64.dll
[2012/08/06 14:48:40 | 001,379,328 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.pdb
[2012/08/06 14:48:40 | 000,106,496 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\DBTCustomerCheck.dll
[2012/08/06 14:48:39 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.lib
[2012/08/06 14:48:39 | 000,000,764 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.exp
[2012/08/06 07:22:56 | 001,215,488 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.pdb
[2012/08/06 07:22:56 | 000,098,304 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\HoffmanCustomerCheck.dll
[2012/08/06 07:22:56 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.lib
[2012/08/06 07:22:56 | 000,000,775 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.exp
[2012/08/04 20:31:20 | 000,849,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 20:31:20 | 000,710,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 20:31:20 | 000,139,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 14:25:36 | 009,899,008 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.pdb
[2012/08/03 14:25:36 | 004,838,392 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.ilk
[2012/08/03 14:25:36 | 002,269,184 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.dll
[2012/07/30 15:53:51 | 000,001,131 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,126 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,121 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,116 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,101 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:53:51 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,159 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,149 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,129 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts PowerLanguage Editor.lnk
[2012/07/26 10:17:51 | 000,000,000 | ---- | M] () -- C:\ESM12.csv
[2012/07/20 10:54:24 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 09:02:17 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7 Host.lnk
[2012/08/08 09:02:17 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7 Host.lnk
[2012/08/07 08:11:43 | 000,257,024 | ---- | C] () -- C:\Windows\SysNative\TTMMCCheck64.dll
[2012/08/06 07:22:56 | 001,215,488 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.pdb
[2012/08/06 07:22:56 | 000,001,968 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.lib
[2012/08/06 07:22:56 | 000,000,775 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.exp
[2012/07/30 15:53:51 | 000,001,131 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,126 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,121 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,116 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,101 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:53:51 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,159 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,149 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,129 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts PowerLanguage Editor.lnk
[2012/07/26 10:17:51 | 000,000,000 | ---- | C] () -- C:\ESM12.csv
[2012/07/19 10:18:44 | 000,000,590 | ---- | C] () -- C:\Windows\tasks\TradeStation Backup - Daily.job
[2012/06/18 10:17:19 | 000,219,648 | ---- | C] () -- C:\Windows\SysWow64\TTMMCCheck2.dll
[2012/05/31 14:40:56 | 000,199,168 | ---- | C] () -- C:\Windows\SysWow64\RoboTraderFXMT.dll
[2012/05/31 14:39:50 | 000,219,648 | ---- | C] () -- C:\Windows\SysWow64\RoboTraderFXI.dll
[2012/05/29 10:09:29 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\RTTData.dll
[2012/05/24 16:15:32 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\DBTCollections.dll
[2012/05/01 14:54:46 | 001,830,400 | ---- | C] () -- C:\Windows\SysWow64\DLLExampleWrapper.dll
[2012/04/23 15:31:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/23 15:31:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/23 15:31:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/23 15:31:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/23 15:31:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/05 19:10:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\cid2.dll
[2012/03/19 14:17:10 | 000,000,005 | -H-- | C] () -- C:\Users\Sean\.zs
[2012/03/15 09:10:45 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\RBT1GLock32.dll
[2012/03/12 13:21:26 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/21 11:07:30 | 000,254,464 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck64.dll
[2012/02/20 15:06:20 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck.dll
[2012/01/29 16:47:12 | 000,000,110 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\EA Installrecents.ini
[2012/01/06 10:39:37 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\FastFileAppend.dll
[2011/10/29 14:26:46 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoaderMC.dll
[2011/10/29 09:31:35 | 007,479,296 | ---- | C] () -- C:\Windows\SysWow64\TTM.GlobalVariable.dll
[2011/10/23 17:17:45 | 001,865,728 | ---- | C] () -- C:\Windows\SysWow64\TTMMCCheck.dll
[2011/10/06 07:11:22 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck2.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/14 13:57:29 | 003,387,392 | ---- | C] () -- C:\Windows\SysWow64\RTTDataMC.dll
[2011/08/09 19:13:56 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoader.dll
[2011/08/09 19:13:40 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoaderR.dll
[2011/07/23 07:53:27 | 007,479,296 | ---- | C] () -- C:\Windows\SysWow64\DBGV.dll
[2011/07/20 17:19:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SqlLoaderNetMC.dll
[2011/07/17 16:22:12 | 000,024,576 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.PLKit.dll
[2011/06/29 15:07:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\FTOVIWrap.dll
[2011/06/20 16:14:18 | 028,664,832 | ---- | C] () -- C:\Windows\SysWow64\PosDataVal.dll
[2011/06/02 18:57:56 | 000,000,218 | ---- | C] () -- C:\Users\Sean\.recently-used.xbel
[2011/05/24 07:29:47 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\$StiLocal.dat
[2011/05/24 07:29:47 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\$StiDesk.dat
[2011/05/24 07:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$StiTrigger.dat
[2011/05/24 07:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$StiSymInfo.dat
[2011/05/24 07:29:13 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\$StiFees.dat
[2011/05/24 07:29:13 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\$StiListExchInfo.dat
[2011/05/24 07:29:12 | 000,000,270 | ---- | C] () -- C:\Windows\SysWow64\$StiLast.ini
[2011/05/24 07:29:12 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\$StiValues.ini
[2011/05/07 15:02:58 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\RTT1Lock32.dll
[2011/05/07 15:02:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RTT1LockPW32.exe
[2011/04/27 09:32:42 | 001,868,800 | ---- | C] () -- C:\Windows\SysWow64\TTMCustomerCheck.dll
[2011/04/03 15:09:11 | 000,027,419 | ---- | C] () -- C:\Windows\WinSig.ini
[2011/04/03 15:09:11 | 000,002,980 | ---- | C] () -- C:\Windows\WinRos.ini
[2011/03/26 09:01:15 | 000,000,008 | RH-- | C] () -- C:\Users\Sean\hwid
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/10 11:25:01 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\PositionMonitor.dll
[2011/02/06 10:18:21 | 000,000,000 | ---- | C] () -- C:\Windows\regset.INI
[2011/02/06 10:17:57 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2011/02/06 10:17:56 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\LFCMP61N.DLL
[2011/02/06 10:17:56 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\Lfpng61n.dll
[2011/02/06 10:17:56 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\LTFIL61N.DLL
[2011/02/06 10:17:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK32.DLL
[2011/02/06 10:17:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/02/06 10:17:56 | 000,003,360 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK16.DLL
[2011/01/24 16:07:18 | 025,627,648 | ---- | C] () -- C:\Windows\SysWow64\FundDataVal.dll
[2011/01/14 16:12:27 | 000,325,845 | ---- | C] () -- C:\Users\Sean\AppData\Local\debuggee.mdmp
[2010/11/03 14:38:16 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\DTACollections.dll
[2010/10/07 09:15:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\Test2005.dll
[2010/09/29 16:09:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2010/09/28 15:20:52 | 002,269,184 | ---- | C] () -- C:\Windows\SysWow64\SmarterStops2.dll
[2010/08/17 19:43:49 | 005,128,192 | ---- | C] () -- C:\Windows\SysWow64\DBTGlobalVariable.dll
[2010/06/30 10:35:56 | 000,007,599 | ---- | C] () -- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
[2010/06/06 13:08:29 | 000,038,421 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/06/03 07:17:45 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC398299.trad
[2010/05/28 19:47:45 | 000,000,576 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/05/28 08:40:53 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC429288.trad

========== LOP Check ==========

[2010/11/20 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\calibre
[2011/04/03 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\counters
[2012/04/11 04:41:42 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DDS
[2012/01/29 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\EA Install
[2012/02/29 16:45:40 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ECSoftware
[2011/04/04 06:38:00 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\eSignal
[2012/01/05 07:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Garmin
[2010/05/28 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Leadertech
[2012/05/27 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\MetaQuotes
[2010/09/13 08:42:04 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Oberon Media
[2010/06/17 13:40:06 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PFGBEST.com
[2010/05/28 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PFU
[2011/05/13 07:32:35 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\RINA Technologies
[2012/08/13 13:37:44 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TeamViewer
[2010/05/28 19:47:46 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Template
[2012/04/12 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TestApp
[2010/05/27 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TradeStation Technologies
[2012/02/14 09:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TS Support
[2012/04/13 09:15:50 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\uTorrent
[2011/06/15 17:28:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Windows Live Writer
[2009/07/13 22:08:49 | 000,023,412 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/16 03:55:19 | 000,000,590 | ---- | M] () -- C:\Windows\Tasks\TradeStation Backup - Daily.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:322EAACD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Sean (administrator) on 16-08-2012 at 05:40:57
Running from "C:\Users\Sean\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Do you have the Windows 7 DVD?

I need to know if you have the Recovery Console in your computer. To see this, follow these steps:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exists.


#6
sean.dbtrader

    Member

  • Topic Starter
  • 73 posts
I have all of the DVDs that came with the Dell computer, but I don't believe the Windows 7 DVD was one of them. If it did come with the computer I can't find it.

I checked and the repair option is available.

#7
sean.dbtrader

    Member

  • Topic Starter
  • 73 posts
Also, there is another symptom to report. The McAfee Firewall is Off and if I try to turn it On it immediately shuts back off again. I'm no longer getting any popup messages from McAfee any more.

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#9
sean.dbtrader

    Member

  • Topic Starter
  • 73 posts
When I go through these steps and get to the point where I run FRST.exe the computer can't find the flash drive. There seems to be no other drive than c:\ when I'm in the repair mode.

#10
sean.dbtrader

    Member

  • Topic Starter
  • 73 posts
This computer has just gotten much worse. Now I can't run anything on the computer. It boots into Windows, but none of the programs run. Everything locks up and I can see in Task Manager that there are 2 processes with oxvpml.exe running. What can I do?


#11
sean.dbtrader

    Member

  • Topic Starter
  • 73 posts
Some programs are running now. I was able to get OTL and Chrome to work. I've pasted the latest OTL log. Hopefully that can help you identify what has happened to the computer.

OTL logfile created on: 8/18/2012 10:24:53 AM - Run 15
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 81.99% Memory free
15.92 Gb Paging File | 14.38 Gb Available in Paging File | 90.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.56 Gb Total Space | 609.71 Gb Free Space | 66.16% Space Free | Partition Type: NTFS
Drive D: | 655.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELLXPSWIN7 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 12:10:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
PRC - [2012/07/16 10:28:37 | 002,025,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/05 08:06:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/06/04 19:15:02 | 006,724,272 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2009/12/10 15:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2005/09/23 03:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2012/08/17 16:36:06 | 000,187,392 | ---- | M] (Orange Corporation) [Auto | Stopped] -- C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe -- (uprhnik)
SRV - [2012/08/14 15:04:25 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/16 10:28:37 | 002,025,368 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 08:06:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 05:06:40 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/03/14 05:06:32 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/05/21 05:29:52 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/21 05:18:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\\AstSrv.exe -- (Ast Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/10 17:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 23:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/06 21:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV:64bit: - [2006/11/01 09:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A24E3311-6099-4742-B8EF-15239EF478D3}
IE:64bit: - HKLM\..\SearchScopes\{A24E3311-6099-4742-B8EF-15239EF478D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}
IE - HKLM\..\SearchScopes\{BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BBDB58D9-ED7F-4BB7-9EF6-C3962031490A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/17 22:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/27 18:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/27 18:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2012/05/02 10:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\xc5oz44y.default\extensions
[2012/04/27 18:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Sean\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.22 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: avast! WebRep = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2012/04/23 16:58:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~2\Zend\ZENDST~1.2\toolbars\ZENDIE~1.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] T.EXE" File not found
O4:64bit: - HKLM..\Run: [itype] TELLITYPE PRO\ITYPE.EXE" File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] 64 File not found
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] TRY THXCFG64 File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] DOWSMOBILE\WMDC.EXE File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [qgmtp] C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe (Orange Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D490E2E-9AE1-4F1F-83A3-C7FC20351125}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A407679-27E4-4AEF-A01C-8BBB2D930DF9}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/20 08:53:20 | 003,895,296 | R--- | M] (Ubi Soft Entertainment) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/04/27 08:29:08 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 22:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/17 22:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/17 22:08:27 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/17 22:08:25 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/17 22:08:20 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/17 22:08:19 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/17 22:08:18 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/17 22:08:14 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/17 22:08:13 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/17 22:07:07 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/17 22:07:05 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/17 22:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/17 22:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/17 10:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profitunity
[2012/08/17 10:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Profitunity
[2012/08/16 07:22:23 | 000,098,304 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\ProfitunityCustomerCheck.dll
[2012/08/16 05:40:10 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Sean\Desktop\FSS.exe
[2012/08/15 12:10:05 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2012/08/09 09:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2012/08/08 08:00:21 | 003,431,902 | ---- | C] (TradeTheMarkets.com ) -- C:\Users\Sean\Desktop\TTM Squeeze MC Setup 64.exe
[2012/08/07 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\TradeTheMarkets
[2012/08/06 14:48:40 | 000,106,496 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\DBTCustomerCheck.dll
[2012/08/06 09:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rob Hoffman
[2012/08/06 09:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RobHoffman
[2012/08/06 09:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RobHoffman
[2012/08/06 07:22:56 | 000,098,304 | ---- | C] (TradeTheMarkets) -- C:\Windows\SysWow64\HoffmanCustomerCheck.dll
[2012/07/30 15:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\TS Support
[2012/07/30 15:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCharts64
[2012/07/30 15:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCharts
[2012/07/26 10:18:53 | 000,000,000 | ---D | C] -- C:\Test
[1 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/18 10:29:11 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 10:29:11 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/18 10:24:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001UA.job
[2012/08/18 10:19:44 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 10:19:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/18 10:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/18 10:19:13 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 09:18:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/18 07:46:25 | 000,000,043 | ---- | M] () -- C:\Windows\WALLSTRT.INI
[2012/08/17 22:13:06 | 000,849,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/17 22:13:06 | 000,710,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/17 22:13:06 | 000,139,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/17 22:09:51 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/17 22:09:51 | 000,002,241 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/17 22:08:29 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/17 22:08:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/17 21:57:52 | 089,340,632 | ---- | M] () -- C:\Users\Sean\Desktop\avast_free_antivirus_setup.exe
[2012/08/17 21:56:27 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/17 21:36:06 | 000,486,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/17 21:02:25 | 000,000,317 | ---- | M] () -- C:\Windows\cedt.INI
[2012/08/17 20:24:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001Core.job
[2012/08/17 11:22:39 | 000,001,365 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2012/08/17 09:09:20 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2012/08/17 05:59:41 | 000,000,590 | ---- | M] () -- C:\Windows\tasks\TradeStation Backup - Daily.job
[2012/08/16 07:22:23 | 000,098,304 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\ProfitunityCustomerCheck.dll
[2012/08/16 07:22:22 | 001,215,488 | ---- | M] () -- C:\Windows\SysWow64\ProfitunityCustomerCheck.pdb
[2012/08/16 07:22:22 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\ProfitunityCustomerCheck.lib
[2012/08/16 07:22:22 | 000,000,780 | ---- | M] () -- C:\Windows\SysWow64\ProfitunityCustomerCheck.exp
[2012/08/16 05:40:13 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Sean\Desktop\FSS.exe
[2012/08/15 12:10:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2012/08/08 08:01:03 | 003,431,902 | ---- | M] (TradeTheMarkets.com ) -- C:\Users\Sean\Desktop\TTM Squeeze MC Setup 64.exe
[2012/08/07 08:05:33 | 000,257,024 | ---- | M] () -- C:\Windows\SysNative\TTMMCCheck64.dll
[2012/08/06 14:48:40 | 001,379,328 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.pdb
[2012/08/06 14:48:40 | 000,106,496 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\DBTCustomerCheck.dll
[2012/08/06 14:48:39 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.lib
[2012/08/06 14:48:39 | 000,000,764 | ---- | M] () -- C:\Windows\SysWow64\DBTCustomerCheck.exp
[2012/08/06 07:22:56 | 001,215,488 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.pdb
[2012/08/06 07:22:56 | 000,098,304 | ---- | M] (TradeTheMarkets) -- C:\Windows\SysWow64\HoffmanCustomerCheck.dll
[2012/08/06 07:22:56 | 000,001,968 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.lib
[2012/08/06 07:22:56 | 000,000,775 | ---- | M] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.exp
[2012/08/03 14:25:36 | 009,899,008 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.pdb
[2012/08/03 14:25:36 | 004,838,392 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.ilk
[2012/08/03 14:25:36 | 002,269,184 | ---- | M] () -- C:\Windows\SysWow64\SmarterStops.dll
[2012/07/30 15:53:51 | 000,001,131 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,126 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,121 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,116 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,101 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:53:51 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,159 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,149 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,129 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\MultiCharts PowerLanguage Editor.lnk
[2012/07/26 10:17:51 | 000,000,000 | ---- | M] () -- C:\ESM12.csv
[2012/07/20 10:54:24 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 22:09:51 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/17 22:09:51 | 000,002,241 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/17 22:08:44 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 22:08:43 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 22:08:29 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/17 22:08:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/17 21:57:22 | 089,340,632 | ---- | C] () -- C:\Users\Sean\Desktop\avast_free_antivirus_setup.exe
[2012/08/17 09:09:20 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5.lnk
[2012/08/17 09:09:20 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2012/08/16 07:22:22 | 001,215,488 | ---- | C] () -- C:\Windows\SysWow64\ProfitunityCustomerCheck.pdb
[2012/08/16 07:22:22 | 000,001,968 | ---- | C] () -- C:\Windows\SysWow64\ProfitunityCustomerCheck.lib
[2012/08/16 07:22:22 | 000,000,780 | ---- | C] () -- C:\Windows\SysWow64\ProfitunityCustomerCheck.exp
[2012/08/07 08:11:43 | 000,257,024 | ---- | C] () -- C:\Windows\SysNative\TTMMCCheck64.dll
[2012/08/06 07:22:56 | 001,215,488 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.pdb
[2012/08/06 07:22:56 | 000,001,968 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.lib
[2012/08/06 07:22:56 | 000,000,775 | ---- | C] () -- C:\Windows\SysWow64\HoffmanCustomerCheck.exp
[2012/07/30 15:53:51 | 000,001,131 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,126 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,121 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,116 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 3D Optimization Charts.lnk
[2012/07/30 15:53:51 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64.lnk
[2012/07/30 15:53:51 | 000,001,101 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:53:51 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 QuoteManager.lnk
[2012/07/30 15:53:51 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 Portfolio Backtester.lnk
[2012/07/30 15:53:51 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts64 PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,159 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,149 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,144 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts 3D Optimization Charts.lnk
[2012/07/30 15:21:34 | 000,001,129 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCharts PowerLanguage Editor.lnk
[2012/07/30 15:21:34 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts QuoteManager.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts.lnk
[2012/07/30 15:21:34 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts Portfolio Backtester.lnk
[2012/07/30 15:21:34 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\MultiCharts PowerLanguage Editor.lnk
[2012/07/26 10:17:51 | 000,000,000 | ---- | C] () -- C:\ESM12.csv
[2012/06/18 10:17:19 | 000,219,648 | ---- | C] () -- C:\Windows\SysWow64\TTMMCCheck2.dll
[2012/05/31 14:40:56 | 000,199,168 | ---- | C] () -- C:\Windows\SysWow64\RoboTraderFXMT.dll
[2012/05/31 14:39:50 | 000,219,648 | ---- | C] () -- C:\Windows\SysWow64\RoboTraderFXI.dll
[2012/05/29 10:09:29 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\RTTData.dll
[2012/05/24 16:15:32 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\DBTCollections.dll
[2012/05/01 14:54:46 | 001,830,400 | ---- | C] () -- C:\Windows\SysWow64\DLLExampleWrapper.dll
[2012/04/23 15:31:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/23 15:31:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/23 15:31:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/23 15:31:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/23 15:31:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/05 19:10:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\cid2.dll
[2012/03/19 14:17:10 | 000,000,005 | -H-- | C] () -- C:\Users\Sean\.zs
[2012/03/15 09:10:45 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\RBT1GLock32.dll
[2012/03/12 13:21:26 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/21 11:07:30 | 000,254,464 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck64.dll
[2012/02/20 15:06:20 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck.dll
[2012/01/29 16:47:12 | 000,000,110 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\EA Installrecents.ini
[2012/01/06 10:39:37 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\FastFileAppend.dll
[2011/10/29 14:26:46 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoaderMC.dll
[2011/10/29 09:31:35 | 007,479,296 | ---- | C] () -- C:\Windows\SysWow64\TTM.GlobalVariable.dll
[2011/10/23 17:17:45 | 001,865,728 | ---- | C] () -- C:\Windows\SysWow64\TTMMCCheck.dll
[2011/10/06 07:11:22 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\RTTMCCheck2.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/14 13:57:29 | 003,387,392 | ---- | C] () -- C:\Windows\SysWow64\RTTDataMC.dll
[2011/08/09 19:13:56 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoader.dll
[2011/08/09 19:13:40 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\DBTSQLLoaderR.dll
[2011/07/23 07:53:27 | 007,479,296 | ---- | C] () -- C:\Windows\SysWow64\DBGV.dll
[2011/07/20 17:19:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SqlLoaderNetMC.dll
[2011/07/17 16:22:12 | 000,024,576 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.PLKit.dll
[2011/06/29 15:07:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\FTOVIWrap.dll
[2011/06/20 16:14:18 | 028,664,832 | ---- | C] () -- C:\Windows\SysWow64\PosDataVal.dll
[2011/06/02 18:57:56 | 000,000,218 | ---- | C] () -- C:\Users\Sean\.recently-used.xbel
[2011/05/24 07:29:47 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\$StiLocal.dat
[2011/05/24 07:29:47 | 000,000,011 | ---- | C] () -- C:\Windows\SysWow64\$StiDesk.dat
[2011/05/24 07:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$StiTrigger.dat
[2011/05/24 07:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\$StiSymInfo.dat
[2011/05/24 07:29:13 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\$StiFees.dat
[2011/05/24 07:29:13 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\$StiListExchInfo.dat
[2011/05/24 07:29:12 | 000,000,270 | ---- | C] () -- C:\Windows\SysWow64\$StiLast.ini
[2011/05/24 07:29:12 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\$StiValues.ini
[2011/05/07 15:02:58 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\RTT1Lock32.dll
[2011/05/07 15:02:58 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RTT1LockPW32.exe
[2011/04/27 09:32:42 | 001,868,800 | ---- | C] () -- C:\Windows\SysWow64\TTMCustomerCheck.dll
[2011/04/03 15:09:11 | 000,027,419 | ---- | C] () -- C:\Windows\WinSig.ini
[2011/04/03 15:09:11 | 000,002,980 | ---- | C] () -- C:\Windows\WinRos.ini
[2011/03/26 09:01:15 | 000,000,008 | RH-- | C] () -- C:\Users\Sean\hwid
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/10 11:25:01 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\PositionMonitor.dll
[2011/02/06 10:18:21 | 000,000,000 | ---- | C] () -- C:\Windows\regset.INI
[2011/02/06 10:17:57 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2011/02/06 10:17:56 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\LFCMP61N.DLL
[2011/02/06 10:17:56 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\Lfpng61n.dll
[2011/02/06 10:17:56 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\LTFIL61N.DLL
[2011/02/06 10:17:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK32.DLL
[2011/02/06 10:17:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/02/06 10:17:56 | 000,003,360 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK16.DLL
[2011/01/24 16:07:18 | 025,627,648 | ---- | C] () -- C:\Windows\SysWow64\FundDataVal.dll
[2011/01/14 16:12:27 | 000,325,845 | ---- | C] () -- C:\Users\Sean\AppData\Local\debuggee.mdmp
[2010/11/03 14:38:16 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\DTACollections.dll
[2010/10/07 09:15:19 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\Test2005.dll
[2010/09/29 16:09:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2010/09/28 15:20:52 | 002,269,184 | ---- | C] () -- C:\Windows\SysWow64\SmarterStops2.dll
[2010/06/30 10:35:56 | 000,007,599 | ---- | C] () -- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
[2010/06/06 13:08:29 | 000,038,421 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/06/03 07:17:45 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC398299.trad
[2010/05/28 19:47:45 | 000,000,576 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/05/28 08:40:53 | 000,000,320 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\SEC429288.trad

========== LOP Check ==========

[2010/11/20 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\calibre
[2011/04/03 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\counters
[2012/04/11 04:41:42 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DDS
[2012/01/29 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\EA Install
[2012/02/29 16:45:40 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\ECSoftware
[2011/04/04 06:38:00 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\eSignal
[2012/01/05 07:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Garmin
[2010/05/28 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Leadertech
[2012/05/27 13:19:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\MetaQuotes
[2010/09/13 08:42:04 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Oberon Media
[2010/06/17 13:40:06 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PFGBEST.com
[2010/05/28 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\PFU
[2011/05/13 07:32:35 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\RINA Technologies
[2012/08/16 10:14:37 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TeamViewer
[2010/05/28 19:47:46 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Template
[2012/04/12 12:55:19 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TestApp
[2010/05/27 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TradeStation Technologies
[2012/02/14 09:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TS Support
[2012/08/18 09:52:33 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\uTorrent
[2011/06/15 17:28:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Windows Live Writer
[2009/07/13 22:08:49 | 000,025,416 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/17 05:59:41 | 000,000,590 | ---- | M] () -- C:\Windows\Tasks\TradeStation Backup - Daily.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:322EAACD
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

This computer has just gotten much worse. Now I can't run anything on the computer. It boots into Windows, but none of the programs run.


You can run the browser? OTL? Or nothing works?

I only saw your OTL log after I posted. Hold on a second.

#13
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
From your log, I saw that you have Avast installed on your computer. Does it work?

# Step 1 #
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Processes
    killallprocesses
    
    :OTL
    O4 - HKCU..\Run: [qgmtp] C:\Users\Sean\AppData\Roaming\Microsoft\Oxvpml\oxvpml.exe (Orange Corporation)
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #

You will need Mozilla Firefox. If you don't have it, you can get a portable version here

Open Mozilla Firefox and click on the Firefox button > select Options.

Under Download, select the option Always ask me where to save files > Ok.

# Step 3 #

Download Combofix from any of the links below but rename it to <G2GMR> before saving it to your desktop.

Link 1
Link 2
Link 3

Double click on G2GMR & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

# Step 4 #

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#14
sean.dbtrader

    Member

  • Topic Starter
  • 73 posts
OK, I'm running through ComboFix, but it looks like it is stuck on Stage 48. Should I reboot?

#15
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
ComboFix still stuck on the same stage?

Should I reboot?

Apparently there's no other way. Restart the computer.






