All search results redirect to junk search sites


#16
RJLC

  • Topic Starter
  • Member
  • 21 posts

OTL Step 1:

All processes killed
========== PROCESSES ==========
========== FILES ==========
File\Folder c:\windows\SysWOW64\user32.dll|c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rob Lutz
->Temp folder emptied: 2423455 bytes
->Temporary Internet Files folder emptied: 540582353 bytes
->Java cache emptied: 23410 bytes
->Flash cache emptied: 58790 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1017856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120040068 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 633.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08212012_114438

Files\Folders moved on Reboot...
C:\Users\Rob Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DF05CEC6281064C7AB.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DF7619E545076311A2.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DFB482A45914F72CE9.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DFBAC5104F322C162B.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DFEEA676C6F8F4368E.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DFF020A75A22847F0E.TMP not found!
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D70044BF-0A05-46B0-8C64-7C4A535D9E5A}.tmp not found!
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTPRDBMT\fastbutton[1].htm moved successfully.
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3YALQSL\page__pid__2194955[1].htm moved successfully.
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QI3J60F\usagovrssfeed[1].rss moved successfully.

PendingFileRenameOperations files...
File C:\Users\Rob Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Rob Lutz\AppData\Local\Temp\~DF05CEC6281064C7AB.TMP not found!
File C:\Users\Rob Lutz\AppData\Local\Temp\~DF7619E545076311A2.TMP not found!
File C:\Users\Rob Lutz\AppData\Local\Temp\~DFB482A45914F72CE9.TMP not found!
File C:\Users\Rob Lutz\AppData\Local\Temp\~DFBAC5104F322C162B.TMP not found!
File C:\Users\Rob Lutz\AppData\Local\Temp\~DFEEA676C6F8F4368E.TMP not found!
File C:\Users\Rob Lutz\AppData\Local\Temp\~DFF020A75A22847F0E.TMP not found!
File C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D70044BF-0A05-46B0-8C64-7C4A535D9E5A}.tmp not found!
File C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTPRDBMT\fastbutton[1].htm not found!
File C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3YALQSL\page__pid__2194955[1].htm not found!
File C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QI3J60F\usagovrssfeed[1].rss not found!

Registry entries deleted on Reboot...


OTL Step 2:

OTL logfile created on: 8/21/2012 11:52:21 AM - Run 3
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Rob Lutz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.54% Memory free
8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 821.21 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
Drive P: | 465.66 Gb Total Space | 379.00 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
Drive Q: | 465.66 Gb Total Space | 379.00 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
Drive U: | 465.66 Gb Total Space | 379.00 Gb Free Space | 81.39% Space Free | Partition Type: NTFS

Computer Name: RJL8 | User Name: Rob Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rob Lutz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rob Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Blue Iris\blueiris.exe (Perspective Software)
PRC - C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Backup\BackupSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Blue Iris\BlueIrisService.exe ()
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\LogMeIn Backup\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.DLL ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LogMeInBackupService.exe) -- C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe (LogMeIn, Inc.)
SRV - (LMIBackupVSSService.exe) -- C:\Program Files (x86)\LogMeIn Backup\lmibackupvssserviceX64.exe (LogMeIn, Inc.)
SRV - (BackupMaint) -- C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe (LogMeIn, Inc.)
SRV - (QBVSS) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QuickBooksDB22) -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe (Intuit, Inc.)
SRV - (BlueIris) -- C:\Program Files (x86)\Blue Iris\BlueIrisService.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 4A 9C 7B FE 7B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{19E81170-BEB0-4f39-85B5-A54536EE6989}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{81CE5430-D21E-4cc4-AC5E-054611FE9B1B}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{FB737EB6-3A3E-4e1b-B76B-4311552E3765}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/25 10:17:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/20 13:41:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Backup GUI] C:\Program Files (x86)\LogMeIn Backup\BackupSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blue Iris.lnk = C:\Program Files (x86)\Blue Iris\blueiris.exe (Perspective Software)
O4 - Startup: C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rob Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://98.235.110.16...00/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...5.4.logging.cab (DLM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com...ra/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://98.235.63.116:1100/MpegInst.cab (pmpeg4cam Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799DB236-0B3B-40B9-AF2C-E90BB876816C}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCEC188-9853-406C-8461-E90D246B5915}: DhcpNameServer = 10.1.10.1
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 11:44:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/21 07:19:17 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\QuickScan
[2012/08/20 18:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/20 13:48:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/20 13:41:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/20 10:05:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/20 10:05:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/20 10:05:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/20 10:05:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 10:04:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/17 10:34:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rob Lutz\Desktop\OTL.exe
[2012/08/17 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\Malwarebytes
[2012/08/17 10:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\Desktop\Malware
[2012/08/16 03:03:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:03:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:03:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:03:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:03:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:03:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:03:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:03:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:03:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:03:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:03:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:03:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:03:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 21:36:41 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 21:31:03 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 21:31:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 21:31:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 21:30:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 21:30:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 21:30:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 21:30:39 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 16:16:18 | 000,000,000 | R--D | C] -- C:\Users\Rob Lutz\Dropbox
[2012/08/15 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/15 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\Dropbox
[2012/08/13 13:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/08/13 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Local\Google
[2012/08/13 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/28 00:09:20 | 005,538,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/07/28 00:07:44 | 010,278,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/07/27 23:43:12 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.982.dll
[2012/07/27 23:19:34 | 024,935,424 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/07/27 22:50:10 | 020,546,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/07/27 22:15:50 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/07/27 22:15:42 | 000,931,328 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/07/27 22:10:40 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/07/27 22:10:34 | 000,534,528 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/07/27 22:09:44 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/07/27 22:08:20 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/07/27 22:08:04 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/07/27 22:07:58 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/07/27 22:07:52 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/07/27 22:07:10 | 006,430,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/07/27 21:41:32 | 004,266,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/07/27 21:35:10 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/07/27 21:35:08 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/07/27 21:35:02 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/07/27 21:35:00 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/07/27 21:34:48 | 016,034,304 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/07/27 21:32:32 | 004,751,872 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/07/27 21:30:10 | 013,605,888 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/07/27 21:25:52 | 006,676,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/07/27 21:15:32 | 000,540,160 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/07/27 21:15:22 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/07/27 21:15:12 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/07/27 21:15:04 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/07/27 21:14:56 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/07/27 21:14:46 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/07/27 21:13:48 | 000,109,568 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/07/27 21:13:40 | 000,103,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/07/27 21:12:54 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/21 11:56:39 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 11:56:39 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 11:48:44 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 11:48:00 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/08/21 11:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 11:47:32 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 11:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 11:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/20 17:17:26 | 000,802,816 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\Fleet Maintenance.accdb
[2012/08/20 15:54:33 | 001,069,056 | ---- | M] () -- C:\Users\Rob Lutz\Documents\Vehicle maintenance.accdb
[2012/08/20 15:53:46 | 001,015,808 | ---- | M] () -- C:\Users\Rob Lutz\Documents\Desktop Vehicle maintenance.accdb
[2012/08/20 13:41:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/17 10:34:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rob Lutz\Desktop\OTL.exe
[2012/08/16 03:24:25 | 005,107,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 16:16:18 | 000,001,038 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\Dropbox.lnk
[2012/08/15 16:14:56 | 000,001,048 | ---- | M] () -- C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/15 12:18:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 12:18:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 12:58:05 | 000,201,934 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\4394 Chambers Hill Rd, Harrisburg, PA 17111 - Bing Maps.mht
[2012/08/13 16:00:26 | 000,083,874 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\Josh Kramer.jpg
[2012/08/13 13:00:33 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/28 00:09:20 | 005,538,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/07/27 23:43:12 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.982.dll
[2012/07/27 23:19:34 | 024,935,424 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/07/27 22:50:10 | 020,546,560 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/07/27 22:17:00 | 000,268,728 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/07/27 22:17:00 | 000,268,728 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/07/27 22:15:50 | 000,163,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/07/27 22:15:42 | 000,931,328 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/07/27 22:13:56 | 001,100,288 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/07/27 22:10:40 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/07/27 22:10:34 | 000,534,528 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/07/27 22:08:20 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/07/27 22:08:04 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/07/27 22:07:58 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/07/27 22:07:52 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/07/27 22:07:10 | 006,430,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/07/27 21:51:12 | 007,052,288 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/07/27 21:41:32 | 004,266,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/07/27 21:39:50 | 003,150,560 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/07/27 21:35:10 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/07/27 21:35:08 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/07/27 21:35:02 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/07/27 21:35:00 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/07/27 21:34:48 | 016,034,304 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/07/27 21:32:32 | 004,751,872 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/07/27 21:30:54 | 003,187,136 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/07/27 21:30:10 | 013,605,888 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/07/27 21:25:52 | 006,676,480 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/07/27 21:15:32 | 000,540,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/07/27 21:15:22 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/07/27 21:15:12 | 000,017,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/07/27 21:15:04 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/07/27 21:14:56 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/07/27 21:13:54 | 000,129,536 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/07/27 21:13:48 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/07/27 21:13:40 | 000,103,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/07/27 21:13:32 | 000,083,456 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/07/27 21:12:54 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 10:05:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/20 10:05:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/20 10:05:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/20 10:05:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/20 10:05:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 16:16:18 | 000,001,038 | ---- | C] () -- C:\Users\Rob Lutz\Desktop\Dropbox.lnk
[2012/08/15 16:14:56 | 000,001,048 | ---- | C] () -- C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/14 12:58:04 | 000,201,934 | ---- | C] () -- C:\Users\Rob Lutz\Desktop\4394 Chambers Hill Rd, Harrisburg, PA 17111 - Bing Maps.mht
[2012/08/13 16:02:44 | 000,083,874 | ---- | C] () -- C:\Users\Rob Lutz\Desktop\Josh Kramer.jpg
[2012/08/13 13:00:33 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/08/13 12:59:50 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 12:59:49 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 10:28:32 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012/07/27 22:17:00 | 000,268,728 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/07/27 22:17:00 | 000,268,728 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/07/27 21:39:50 | 003,150,560 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/07/27 21:30:54 | 003,187,136 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
[2011/03/25 11:11:07 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2010/10/28 13:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/10/09 16:27:00 | 000,800,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/26 13:58:19 | 000,003,584 | ---- | C] () -- C:\Users\Rob Lutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=57300E71DFBB58D8ED0D7B9813E55795 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< End of report >

Idle Process Step 3:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 77.66 0 K 24 K
MsMpEng.exe 908 13.35 77,056 K 67,620 K Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
blueiris.exe 4532 6.76 56,652 K 55,840 K Blue Iris Video Security and WebCam Software Perspective Software (Verified) Perspective Software
procexp64.exe 2024 3.47 29,656 K 50,940 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 0.95 0 K 0 K Hardware Interrupts and DPCs
System 4 0.85 176 K 1,648 K
WmiPrvSE.exe 4064 0.54 7,120 K 12,176 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1852 0.52 42,240 K 50,768 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
hamachi-2-ui.exe 2252 0.22 3,048 K 8,596 K Hamachi Client Application LogMeIn Inc. (Verified) LogMeIn, Inc.
csrss.exe 520 0.17 12,228 K 16,180 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 708 0.13 40,296 K 56,984 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 364 0.12 63,588 K 60,380 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
hamachi-2.exe 2132 0.10 4,460 K 10,268 K Hamachi Client Tunneling Engine LogMeIn Inc. (Verified) LogMeIn, Inc.
QBCFMonitorService.exe 1800 0.08 17,052 K 13,612 K QuickBooks Company File Monitoring Service Intuit (Unable to verify) Intuit
SearchIndexer.exe 2736 0.07 41,948 K 31,200 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 324 0.07 133,620 K 137,196 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 640 0.04 4,468 K 11,496 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
essvr.exe 2028 0.04 1,672 K 4,428 K (Verified) Giga-Byte Technology
svchost.exe 1204 0.04 16,568 K 17,432 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mdm.exe 2852 0.02 2,484 K 5,668 K Machine Debug Manager Microsoft Corporation (Unable to verify) Microsoft Corporation
Dropbox.exe 4604 0.02 49,128 K 55,580 K Dropbox Dropbox, Inc. (Verified) Dropbox
BlueIrisService.exe 4212 0.02 1,720 K 6,216 K (Unable to verify) (null)
svchost.exe 740 0.02 6,060 K 11,784 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1460 0.02 14,964 K 24,216 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
LogMeInSystray.exe 3716 0.01 4,840 K 12,292 K LogMeIn Desktop Application LogMeIn, Inc. (Verified) LogMeIn, Inc.
taskhost.exe 340 0.01 3,656 K 8,016 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
BackupSystray.exe 4308 0.01 3,760 K 8,948 K LogMeIn Backup Desktop Application LogMeIn, Inc. (Verified) LogMeIn, Inc.
nusb3mon.exe 1784 0.01 1,824 K 5,404 K USB 3.0 Monitor NEC Electronics Corporation (Unable to verify) NEC Electronics Corporation
KHALMNPR.exe 4912 0.01 6,356 K 12,708 K Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
LogMeIn.exe 4672 0.01 18,968 K 20,576 K LogMeIn LogMeIn, Inc. (Verified) LogMeIn, Inc.
HPLaserJetService.exe 2176 0.01 26,752 K 3,172 K HP LaserJet Service HP (Unable to verify) HP
iexplore.exe 5640 < 0.01 69,476 K 70,488 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1084 < 0.01 13,252 K 19,740 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 4620 < 0.01 27,544 K 37,740 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 552 < 0.01 1,132 K 2,988 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
BCUService.exe 1980 < 0.01 1,216 K 4,032 K Browser Configuration Utility Auto-recovery Service DeviceVM, Inc. (Verified) DeviceVM Inc.
csrss.exe 440 < 0.01 2,392 K 5,044 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 128 < 0.01 20,060 K 21,108 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LogmeInBackupService.exe 2804 < 0.01 8,956 K 14,652 K LogMeIn Backup Service LogMeIn, Inc. (Verified) LogMeIn, Inc.
HPTLBXFX.exe 1144 < 0.01 34,360 K 8,652 K HPTLBXFX Hewlett-Packard Company (Verified) Hewlett-Packard Company
LMIGuardianSvc.exe 2644 < 0.01 5,660 K 9,292 K LMIGuardianSvc LogMeIn, Inc. (Verified) LogMeIn, Inc.
LMIGuardian.exe 4380 < 0.01 1,204 K 3,948 K LMIGuardian LogMeIn, Inc. (Verified) LogMeIn, Inc.
LMIGuardian.exe 2920 < 0.01 1,308 K 4,140 K LMIGuardian LogMeIn, Inc. (Verified) LogMeIn, Inc.
FlipShareService.exe 1280 < 0.01 3,092 K 9,232 K FlipShare Service (Verified) Cisco-Linksys LLC
XSrvSetup.exe 2496 2,156 K 5,860 K (Unable to verify) (null)
wmpnetwk.exe 5088 4,572 K 2,408 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5160 2,616 K 6,204 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 584 3,888 K 8,948 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 528 1,696 K 4,652 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 3604 1,832 K 5,064 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 5504 7,336 K 13,860 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 816 6,080 K 11,060 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1104 7,468 K 58,232 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1512 17,760 K 18,768 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2376 6,744 K 6,748 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2524 4,928 K 8,976 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3816 2,568 K 5,992 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2888 1,364 K 3,768 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3052 1,352 K 3,704 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 292 524 K 1,168 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SetPoint.exe 2388 8,220 K 18,148 K Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech
services.exe 632 6,188 K 10,388 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 3712 8,816 K 11,056 K Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
ramaint.exe 2684 3,716 K 5,876 K LogMeIn Maintenance Service LogMeIn, Inc. (Verified) LogMeIn, Inc.
QBW32.EXE 4280 25,820 K 59,820 K QuickBooks Intuit Inc. (Verified) Intuit, Inc.
qbupdate.exe 3992 8,984 K 17,180 K QuickBooks Automatic Update Intuit Inc. (Verified) Intuit, Inc.
QBIDPService.exe 2908 12,408 K 13,272 K QBIDPService Intuit Inc. (Unable to verify) Intuit Inc.
procexp.exe 4720 2,268 K 7,220 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PMBVolumeWatcher.exe 4100 5,872 K 11,532 K Media Check Tool Sony Corporation (Verified) Sony Corporation
PMBDeviceInfoProvider.exe 3004 2,164 K 5,816 K Device Information Provider Sony Corporation (Verified) Sony Corporation
OSPPSVC.EXE 5704 4,236 K 11,580 K Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 3988 6,600 K 14,696 K Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 3232 3,088 K 7,580 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
MpCmdRun.exe 5372 2,388 K 5,128 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Corporation
lsm.exe 648 2,668 K 4,400 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lmibackupvssserviceX64.exe 2548 4,080 K 8,004 K LogMeIn Backup VSS Service LogMeIn, Inc. (Verified) LogMeIn, Inc.
jusched.exe 4344 1,268 K 4,504 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
hpwuschd2.exe 2800 1,112 K 3,856 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hppfaxprintersrv.exe 928 2,528 K 6,776 K hppfaxprintersrv Hewlett-Packard Company (Verified) Hewlett-Packard Company
BCU.exe 808 2,000 K 5,836 K Browser Configuration Utility DeviceVM, Inc. (Verified) DeviceVM Inc.
BackupMaint.exe 1920 3,144 K 5,896 K LogMeIn Backup Maintenance Service LogMeIn, Inc. (Verified) LogMeIn, Inc.
atiesrxx.exe 980 1,708 K 4,456 K AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 1420 2,740 K 6,812 K AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe 1772 1,480 K 4,580 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
AdobeARM.exe 3032 4,048 K 12,508 K Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
acrotray.exe 4500 1,400 K 4,820 K AcroTray Adobe Systems Inc. (Verified) Adobe Systems, Incorporated
  • 0


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
I see what I did wrong that time. Left off the /replace at the end. Let's try it again.

Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:files
c:\windows\SysWOW64\user32.dll|c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll /replace

:Commands
[EMPTYTEMP]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text in the code box:

/md5start
user32.dll
/md5stop



Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes


Click on Run Scan.

You should get one log. Please copy and paste it.

Ron
  • 0
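The hash comparison behind this fix, as an added example that is not part of the original post or of OTL: it parses the `< MD5 for: USER32.DLL >` lines from the log earlier in the thread and reports, for each live copy, which WinSxS build of the same architecture it matches, if any. Treating the WinSxS copy as the reference (as the `/replace` line does) and the SysWOW64 to `wow64_`, SysNative to `amd64_` mapping are assumptions of this example, as are all function names.

```python
import re
from collections import defaultdict

# Lines copied from the "< MD5 for: USER32.DLL >" section of the OTL log in this thread.
OTL_MD5_SECTION = r"""
[2010/11/20 08:08:57 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=57300E71DFBB58D8ED0D7B9813E55795 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
"""

# One OTL MD5 line: [timestamp | size | attrs | M] (company) MD5=<hash> -- <path>
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# WinSxS directory name: <arch>_<component>_<token>_<version>_<culture>_<hash>
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>[a-z0-9]+)_(?P<component>.+?)_[0-9a-f]{16}_"
    r"(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE,
)

# Assumption: which WinSxS architecture prefix backs each live system directory
# on the 64-bit system shown in the log.
LIVE_DIRS = {"\\syswow64\\": "wow64", "\\sysnative\\": "amd64", "\\system32\\": "amd64"}


def parse_entries(text):
    """Return one dict per parsable MD5 line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "md5": m["md5"].upper(),
                "size": int(m["size"].replace(",", "")),
            })
    return entries


def classify(path):
    """Return (kind, arch, version); kind is 'store', 'live' or 'other'."""
    lowered = path.lower()
    m = WINSXS_RE.search(lowered)
    if m:
        return "store", m["arch"], m["version"]
    for marker, arch in LIVE_DIRS.items():
        if marker in lowered:
            return "live", arch, None
    return "other", None, None  # e.g. backup caches: neither live nor reference


def audit(entries):
    """Map each live path to the WinSxS version whose MD5 it matches, or None."""
    store = defaultdict(dict)  # arch -> {md5: version}
    live = []
    for entry in entries:
        kind, arch, version = classify(entry["path"])
        if kind == "store":
            store[arch][entry["md5"]] = version
        elif kind == "live":
            live.append((entry, arch))
    return {entry["path"]: store[arch].get(entry["md5"]) for entry, arch in live}


if __name__ == "__main__":
    for path, version in audit(parse_entries(OTL_MD5_SECTION)).items():
        status = f"matches WinSxS build {version}" if version else "matches NO WinSxS copy"
        print(f"{path}: {status}")
```

A `None` result only says the live file differs from every component-store copy listed in the log; it identifies which file to restore and re-hash, not why it differs.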

#18
RJLC

RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Got this, should I still do step 2?

All processes killed
========== PROCESSES ==========
========== FILES ==========
Unable to replace file: c:\windows\SysWOW64\user32.dll with c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll without a reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rob Lutz
->Temp folder emptied: 1057125 bytes
->Temporary Internet Files folder emptied: 30458342 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 717 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119070100 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 144.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08212012_131040

Files\Folders moved on Reboot...
C:\Users\Rob Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DF0A82B545C929376B.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DF2E7A75070407E808.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DF37F91C14B879DBDF.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DF82BBB7385F675A39.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DFCF985894A990EE72.TMP not found!
File\Folder C:\Users\Rob Lutz\AppData\Local\Temp\~DFFB44E37D526DB40F.TMP not found!
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WINY239Q\page__pid__2194979__st__15[1].htm moved successfully.
C:\Users\Rob Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3VNJ5SG\fastbutton[1].htm moved successfully.

PendingFileRenameOperations files...
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) c:\windows\SysWOW64\user32.dll : MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3

Registry entries deleted on Reboot...
  • 0

#19
RJLC

RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Never mind, here is the 2nd log. Thanks again for all your help trying to fix this.....

OTL logfile created on: 8/21/2012 1:19:00 PM - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Rob Lutz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 54.40% Memory free
8.00 Gb Paging File | 5.96 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 821.19 Gb Free Space | 88.17% Space Free | Partition Type: NTFS
Drive P: | 465.66 Gb Total Space | 379.00 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
Drive Q: | 465.66 Gb Total Space | 379.00 Gb Free Space | 81.39% Space Free | Partition Type: NTFS
Drive U: | 465.66 Gb Total Space | 379.00 Gb Free Space | 81.39% Space Free | Partition Type: NTFS

Computer Name: RJL8 | User Name: Rob Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rob Lutz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rob Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Blue Iris\blueiris.exe (Perspective Software)
PRC - C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Backup\BackupSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Blue Iris\BlueIrisService.exe ()
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\LogMeIn Backup\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.DLL ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LogMeInBackupService.exe) -- C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe (LogMeIn, Inc.)
SRV - (LMIBackupVSSService.exe) -- C:\Program Files (x86)\LogMeIn Backup\lmibackupvssserviceX64.exe (LogMeIn, Inc.)
SRV - (BackupMaint) -- C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe (LogMeIn, Inc.)
SRV - (QBVSS) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QuickBooksDB22) -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgrN.exe (Intuit, Inc.)
SRV - (BlueIris) -- C:\Program Files (x86)\Blue Iris\BlueIrisService.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 4A 9C 7B FE 7B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{19E81170-BEB0-4f39-85B5-A54536EE6989}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{81CE5430-D21E-4cc4-AC5E-054611FE9B1B}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{FB737EB6-3A3E-4e1b-B76B-4311552E3765}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/06/25 10:17:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/20 13:41:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Backup GUI] C:\Program Files (x86)\LogMeIn Backup\BackupSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - Startup: C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Blue Iris.lnk = C:\Program Files (x86)\Blue Iris\blueiris.exe (Perspective Software)
O4 - Startup: C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rob Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://98.235.110.16...00/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...5.4.logging.cab (DLM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com...ra/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://98.235.63.116:1100/MpegInst.cab (pmpeg4cam Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{799DB236-0B3B-40B9-AF2C-E90BB876816C}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCEC188-9853-406C-8461-E90D246B5915}: DhcpNameServer = 10.1.10.1
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 11:44:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/21 07:19:17 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\QuickScan
[2012/08/20 18:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/20 13:48:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/20 13:41:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/20 10:05:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/20 10:05:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/20 10:05:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/20 10:05:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/20 10:04:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/17 10:34:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rob Lutz\Desktop\OTL.exe
[2012/08/17 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\Malwarebytes
[2012/08/17 10:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/17 10:20:34 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\Desktop\Malware
[2012/08/16 03:03:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:03:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:03:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:03:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:03:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:03:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:03:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:03:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:03:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:03:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:03:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:03:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:03:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 21:36:41 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 21:31:03 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 21:31:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 21:31:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 21:30:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 21:30:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 21:30:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 21:30:39 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 16:16:18 | 000,000,000 | R--D | C] -- C:\Users\Rob Lutz\Dropbox
[2012/08/15 16:14:30 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/15 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Roaming\Dropbox
[2012/08/13 13:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/08/13 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\Rob Lutz\AppData\Local\Google
[2012/08/13 12:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/28 00:09:20 | 005,538,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/07/28 00:07:44 | 010,278,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/07/27 23:43:12 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_8.982.dll
[2012/07/27 23:19:34 | 024,935,424 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/07/27 22:50:10 | 020,546,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/07/27 22:15:50 | 000,163,840 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/07/27 22:15:42 | 000,931,328 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/07/27 22:10:40 | 000,442,368 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/07/27 22:10:34 | 000,534,528 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/07/27 22:09:44 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/07/27 22:08:20 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/07/27 22:08:04 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/07/27 22:07:58 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/07/27 22:07:52 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/07/27 22:07:10 | 006,430,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/07/27 21:41:32 | 004,266,496 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/07/27 21:35:10 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/07/27 21:35:08 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/07/27 21:35:02 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/07/27 21:35:00 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/07/27 21:34:48 | 016,034,304 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/07/27 21:32:32 | 004,751,872 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/07/27 21:30:10 | 013,605,888 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/07/27 21:25:52 | 006,676,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/07/27 21:15:32 | 000,540,160 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/07/27 21:15:22 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/07/27 21:15:12 | 000,017,920 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/07/27 21:15:04 | 000,041,984 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/07/27 21:14:56 | 000,033,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/07/27 21:14:46 | 000,368,640 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/07/27 21:13:48 | 000,109,568 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/07/27 21:13:40 | 000,103,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/07/27 21:12:54 | 000,053,248 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/21 13:21:21 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 13:21:21 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 13:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 13:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 13:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 13:13:03 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/08/21 13:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 13:12:30 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/20 17:17:26 | 000,802,816 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\Fleet Maintenance.accdb
[2012/08/20 15:54:33 | 001,069,056 | ---- | M] () -- C:\Users\Rob Lutz\Documents\Vehicle maintenance.accdb
[2012/08/20 15:53:46 | 001,015,808 | ---- | M] () -- C:\Users\Rob Lutz\Documents\Desktop Vehicle maintenance.accdb
[2012/08/20 13:41:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/17 10:34:46 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rob Lutz\Desktop\OTL.exe
[2012/08/16 03:24:25 | 005,107,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 16:16:18 | 000,001,038 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\Dropbox.lnk
[2012/08/15 16:14:56 | 000,001,048 | ---- | M] () -- C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/15 12:18:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 12:18:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 12:58:05 | 000,201,934 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\4394 Chambers Hill Rd, Harrisburg, PA 17111 - Bing Maps.mht
[2012/08/13 16:00:26 | 000,083,874 | ---- | M] () -- C:\Users\Rob Lutz\Desktop\Josh Kramer.jpg
[2012/08/13 13:00:33 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/28 00:09:20 | 005,538,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/07/27 23:43:12 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_8.982.dll
[2012/07/27 23:19:34 | 024,935,424 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2012/07/27 22:50:10 | 020,546,560 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2012/07/27 22:17:00 | 000,268,728 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/07/27 22:17:00 | 000,268,728 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/07/27 22:15:50 | 000,163,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2012/07/27 22:15:42 | 000,931,328 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2012/07/27 22:13:56 | 001,100,288 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2012/07/27 22:10:40 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2012/07/27 22:10:34 | 000,534,528 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012/07/27 22:08:20 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012/07/27 22:08:04 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012/07/27 22:07:58 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2012/07/27 22:07:52 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2012/07/27 22:07:10 | 006,430,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2012/07/27 21:51:12 | 007,052,288 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2012/07/27 21:41:32 | 004,266,496 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2012/07/27 21:39:50 | 003,150,560 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/07/27 21:35:10 | 000,051,200 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2012/07/27 21:35:08 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2012/07/27 21:35:02 | 000,044,544 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2012/07/27 21:35:00 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2012/07/27 21:34:48 | 016,034,304 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2012/07/27 21:32:32 | 004,751,872 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2012/07/27 21:30:54 | 003,187,136 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/07/27 21:30:10 | 013,605,888 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2012/07/27 21:25:52 | 006,676,480 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2012/07/27 21:15:32 | 000,540,160 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2012/07/27 21:15:22 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2012/07/27 21:15:12 | 000,017,920 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2012/07/27 21:15:08 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll
[2012/07/27 21:15:04 | 000,041,984 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2012/07/27 21:14:56 | 000,033,280 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2012/07/27 21:13:54 | 000,129,536 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2012/07/27 21:13:48 | 000,109,568 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2012/07/27 21:13:40 | 000,103,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2012/07/27 21:13:32 | 000,083,456 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2012/07/27 21:12:54 | 000,053,248 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2012/07/27 21:08:42 | 000,056,320 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2012/07/27 21:08:36 | 000,056,832 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/20 10:05:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/20 10:05:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/20 10:05:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/20 10:05:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/20 10:05:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 16:16:18 | 000,001,038 | ---- | C] () -- C:\Users\Rob Lutz\Desktop\Dropbox.lnk
[2012/08/15 16:14:56 | 000,001,048 | ---- | C] () -- C:\Users\Rob Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/14 12:58:04 | 000,201,934 | ---- | C] () -- C:\Users\Rob Lutz\Desktop\4394 Chambers Hill Rd, Harrisburg, PA 17111 - Bing Maps.mht
[2012/08/13 16:02:44 | 000,083,874 | ---- | C] () -- C:\Users\Rob Lutz\Desktop\Josh Kramer.jpg
[2012/08/13 13:00:33 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/08/13 12:59:50 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 12:59:49 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 10:28:32 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012/07/27 22:17:00 | 000,268,728 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012/07/27 22:17:00 | 000,268,728 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012/07/27 21:39:50 | 003,150,560 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012/07/27 21:30:54 | 003,187,136 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/19 21:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2011/08/19 21:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2011/08/19 21:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
[2011/03/25 11:11:07 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2010/10/28 13:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/10/09 16:27:00 | 000,800,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/26 13:58:19 | 000,003,584 | ---- | C] () -- C:\Users\Rob Lutz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< End of report >
  • 0

#20
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Submit C:\Windows\SysWOW64\user32.dll to http://www.virustotal.com and let's see what they say. Unless you get 0/42 or so, copy and paste the report. That may give us a clue about this beast.

I get the feeling that the bug is removing the replacement command before the reboot and now it appears to have eaten the replacement file as well since
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
is no longer with us. First time I've seen it do that.

We could probably do a manual replacement or use a boot cd and use the remaining copy
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
but it's pretty old. We are looking at the 32 bit version so we might be able to use the one on my 32 bit Win 7 but it would be safer to get one from a 64 bit system. Let me see if I can get one from CompCav. I know he has a 64 bit system.

Do you have a blank CD or a USB drive we could use to boot from?
  • 0
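Added example (not part of the thread and not OTL's own code): the six lines of the `< MD5 for: USER32.DLL >` scan posted above, parsed in Python so that each live copy of user32.dll is checked against the winsxs copies of the same architecture. The field layout is inferred from the log lines on this page, `C:\Windows` as the system root is taken from the log header, and the function names are hypothetical.

```python
import re

# Copied from the "< MD5 for: USER32.DLL >" section of the OTL log in this thread.
OTL_MD5_SECTION = r"""
< MD5 for: USER32.DLL >
[2010/11/20 08:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 09:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
"""

# Assumed layout: [date time | size | attributes | C or M] (company) MD5=<hex> -- <path>
LINE_RE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Component-store directory: <arch>_<component>_<token>_<version>_<culture>_<hash>
STORE_RE = re.compile(
    r"\\winsxs\\(?P<arch>[^_\\]+)_.*?_(?P<version>\d+\.\d+\.\d+\.\d+)_", re.I
)


def parse_md5_section(text):
    """Turn the MD5 scan lines into records tagged as live, store or other."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section header or blank line
        path = m["path"].strip()
        rec = {
            "path": path,
            "md5": m["md5"].upper(),
            "size": int(m["size"].replace(",", "")),
            "company": m["company"].strip(),
        }
        low = path.lower()
        store = STORE_RE.search(path)
        if store:
            rec.update(role="store", arch=store["arch"].lower(), version=store["version"])
        elif low.startswith("c:\\windows\\syswow64\\"):
            rec.update(role="live", arch="wow64", version=None)  # 32-bit copy
        elif low.startswith(("c:\\windows\\sysnative\\", "c:\\windows\\system32\\")):
            rec.update(role="live", arch="amd64", version=None)  # 64-bit copy
        else:
            rec.update(role="other", arch=None, version=None)  # e.g. erdnt backup
        records.append(rec)
    return records


def check_live_files(records):
    """For each live copy, list store copies of the same architecture by hash match."""
    findings = []
    for live in (r for r in records if r["role"] == "live"):
        same_arch = [
            r for r in records if r["role"] == "store" and r["arch"] == live["arch"]
        ]
        findings.append({
            "path": live["path"],
            "md5": live["md5"],
            "matching_store_versions": [
                r["version"] for r in same_arch if r["md5"] == live["md5"]
            ],
            "other_store_versions": [
                r["version"] for r in same_arch if r["md5"] != live["md5"]
            ],
        })
    return findings


if __name__ == "__main__":
    for f in check_live_files(parse_md5_section(OTL_MD5_SECTION)):
        if f["matching_store_versions"]:
            status = "matches store copy " + ", ".join(f["matching_store_versions"])
        else:
            status = "no matching store copy (store has only: " + (
                ", ".join(f["other_store_versions"]) or "none"
            ) + ")"
        print(f"{f['path']}  MD5={f['md5']}  {status}")
```

A matching hash only shows that the live file is identical to a copy in the local component store. It says nothing about a file for which no matching copy remains, which is the situation of the SysWOW64 copy here.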

#21
RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Yes, I have USB and/or a blank CD. I got a 0/42 so I had it scanned again, here is the url: https://www.virustot...sis/1345573842/ .
It came up ok again as far as I can see.

I have another computer that is running 64, plus is it something that can be pulled off the win 7 install cd?
  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Can you run the OTL scan on the good one?

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Copy the text in the code box:

/md5start
user32.dll
/md5stop



Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes


Click on Run Scan.

You should get one log. Please copy and paste it.

That will tell us if we are barking up the wrong tree and if not it will tell us where we can get a good file from.
  • 0

#23
RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Don't know if it means anything, but when I went looking for the user32.dll on this machine it has a picture of a lock on it. See attached. I will go to my other 64 and do what you said and post back in a few mins.

Attached Files


  • 0

#24
RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Here is the OTL log from the other computer:

OTL logfile created on: 8/21/2012 2:55:20 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.73 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 49.37% Memory free
3.46 Gb Paging File | 2.10 Gb Available in Paging File | 60.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 434.27 Gb Free Space | 93.26% Space Free | Partition Type: NTFS

Computer Name: RJL5 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 14:54:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/03/27 14:04:55 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010/10/25 14:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 03:29:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/13 03:29:26 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 03:28:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:28:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 03:28:50 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/05/24 12:20:31 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/24 12:03:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/24 12:02:37 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/05/24 12:02:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/24 12:02:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/24 12:02:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/24 12:02:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/24 12:02:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010/10/25 14:36:22 | 000,119,864 | ---- | M] () -- C:\Program Files (x86)\HP\ToolboxFX\bin\NativeUtils.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/28 17:35:35 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/14 09:42:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 16:11:01 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 16:10:39 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/11 16:10:40 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 18:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 16:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/14 09:42:44 | 002,159,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 16:28:48 | 000,017,192 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/15 14:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 14:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/30 23:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 0D 46 E0 43 0C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65B650C9-401D-49D8-8056-F4D2E991C422}: DhcpNameServer = 10.1.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58fb74fe-7895-11e1-87a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58fb74fe-7895-11e1-87a3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 14:53:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/08/16 07:42:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 07:42:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 07:42:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 07:42:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 07:42:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 07:42:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 07:42:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 07:42:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 07:42:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 07:42:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 07:42:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 07:42:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/16 07:42:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 07:05:42 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/16 07:05:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/16 07:05:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/16 07:05:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/16 07:05:33 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/16 07:05:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/16 07:05:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/16 07:05:32 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

========== Files - Modified Within 30 Days ==========

[2012/08/21 14:56:49 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 14:56:49 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 14:54:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/08/20 07:16:35 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/20 07:16:35 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/20 07:16:35 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/20 07:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/20 07:12:06 | 1393,385,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 12:04:57 | 000,433,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/05/24 13:24:17 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 14:05:33 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/03/27 11:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/27 11:32:53 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== Custom Scans ==========

< MD5 for: USER32.DLL >
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< End of report >

#25
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
OK. I would say we are barking up the wrong tree. The user32.dll is the same for both systems. Don't know why it got flagged by Combofix. I assume both PCs use the same router so we can rule it out.

I see you have both IE and Firefox. Does it do it in both? Try running Firefox in Safe Mode and see if you get redirected:

http://support.mozil...using-safe-mode
#26
RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I don't have Firefox. At least I can't find it to launch anywhere on this machine.

#27
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
For IE without add-ons: Click Start -> All Programs -> Accessories -> System Tools, and then click Internet Explorer (No Add-ons).

I would download Firefox again since it does show on your PC and see if it has the same problem.

http://www.mozilla.o...US/firefox/new/

#28
RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, now I am confused. I downloaded Firefox and tried to search and all seems OK. I then went back to IE and tried Bing, Yahoo, and Google and they seem to be working now too??????? Any ideas?

#29
RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Are you using the regular IE or the no add-ons version?

#30
RJLC

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Reg IE. Never tried the no add-on one you spoke of. I have tried several more searches with both Firefox and IE with no problems. Don't know if downloading Firefox fixed the whole search thing or not but it's working now. (fingers crossed)