[gkkeith]

I can not run any 32 bit applications. I can not run Anti-virus software or malware removal software. I am running Windows 7 Professional. In the msconfig file under startup, I see a file that I do not recognize: xidpwooedd.exe. Another questionable file: Rundll32 SPIRunE.dll,RunDLLEntry.
I can access the internet through the 64 bit.

[Advertisements]

Do you have access to another computer and a USB ? If so we will work outside of windows initially


Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy FRST to the same USB




Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7.
Click repair my computer


Select your operating system


Select Command prompt


At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[Essexboy]

Do you have access to another computer and a USB ? If so we will work outside of windows initially


Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy FRST to the same USB




Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7.
Click repair my computer


Select your operating system


Select Command prompt


At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[gkkeith]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02
Ran by Greg at 23-01-2013 18:20:32
Running from G:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-01-23 18:05 - 2013-01-23 13:14 - 00858112 ____A C:\Users\Greg\Desktop\WiNToBootic.exe
2013-01-22 21:32 - 2013-01-23 18:09 - 00034321 ____A C:\Windows\WindowsUpdate.log
2013-01-22 21:28 - 2013-01-23 18:18 - 00001018 ____A C:\Windows\setupact.log
2013-01-22 21:28 - 2013-01-22 21:28 - 00000000 ____A C:\Windows\setuperr.log
2013-01-22 21:02 - 2009-06-02 10:17 - 00075776 ____A C:\Windows\System32\WS2Fix.exe
2013-01-22 21:02 - 2008-12-12 00:57 - 00078336 ____A (S!Ri.URZ) C:\Windows\System32\Agent.OMZ.Fix.exe
2013-01-22 21:02 - 2008-11-29 17:58 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.C.exe
2013-01-22 21:02 - 2008-10-01 14:51 - 00087552 ____A (S!Ri.URZ) C:\Windows\System32\VACFix.exe
2013-01-22 21:02 - 2008-09-20 11:45 - 00080384 ____A (S!Ri.URZ) C:\Windows\System32\o4Patch.exe
2013-01-22 21:02 - 2008-08-18 11:19 - 00082432 ____A (S!Ri.URZ) C:\Windows\System32\404Fix.exe
2013-01-22 21:02 - 2008-05-18 20:40 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.exe
2013-01-22 21:02 - 2007-09-05 23:22 - 00289144 ____A (S!Ri) C:\Windows\System32\VCCLSID.exe
2013-01-22 21:02 - 2006-12-01 05:20 - 00079360 ____A (SteelWerX) C:\Windows\System32\swxcacls.exe
2013-01-22 21:02 - 2006-08-29 18:43 - 00135168 ____A (SteelWerX) C:\Windows\System32\swreg.exe
2013-01-22 21:02 - 2006-04-27 16:49 - 00288417 ____A (S!Ri) C:\Windows\System32\SrchSTS.exe
2013-01-22 21:02 - 2006-01-09 09:36 - 00040960 ____A C:\Windows\System32\swsc.exe
2013-01-22 21:02 - 2004-07-31 17:50 - 00051200 ____A C:\Windows\System32\dumphive.exe
2013-01-22 21:02 - 2003-06-05 20:13 - 00053248 ____A (http://www.beyondlogic.org) C:\Windows\System32\Process.exe
2013-01-22 20:49 - 2013-01-22 20:49 - 02957840 ____A (Symantec Corporation) C:\Users\Greg\Desktop\NPE.exe
2013-01-22 20:13 - 2013-01-22 21:13 - 00000000 ____D C:\Windows\pss
2013-01-22 16:13 - 2013-01-22 16:13 - 16409960 ____A (Safer Networking Limited ) C:\Users\Greg\Desktop\spybotsd162.exe
2013-01-20 21:37 - 2013-01-20 21:37 - 00031120 ____A C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
2013-01-20 13:44 - 2013-01-20 13:44 - 00031120 ____A C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
2013-01-20 01:10 - 2013-01-20 01:10 - 00031120 ____A C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
2013-01-19 13:01 - 2013-01-19 13:01 - 00031120 ____A C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
2013-01-19 03:37 - 2013-01-19 03:37 - 00031120 ____A C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
2013-01-19 01:11 - 2013-01-19 01:11 - 00031288 ____A C:\{D214B67E-7770-4427-A619-EB64469C8252}
2013-01-18 10:07 - 2013-01-18 10:07 - 00031112 ____A C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
2013-01-18 01:16 - 2013-01-18 01:16 - 00031128 ____A C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
2013-01-17 13:35 - 2013-01-17 13:35 - 00031128 ____A C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
2013-01-17 01:29 - 2013-01-17 01:29 - 00031288 ____A C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
2013-01-16 13:40 - 2013-01-16 13:40 - 00031128 ____A C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
2013-01-15 18:30 - 2013-01-15 18:30 - 00031288 ____A C:\{54128122-D539-4BDE-AE70-990FBF236131}
2013-01-15 13:22 - 2013-01-15 13:22 - 00031136 ____A C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
2013-01-14 16:27 - 2013-01-14 16:27 - 00031128 ____A C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
2013-01-13 13:30 - 2013-01-13 13:30 - 00031152 ____A C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
2013-01-13 01:56 - 2013-01-13 01:56 - 00031136 ____A C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
2013-01-12 17:19 - 2013-01-12 17:19 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Awesomium
2013-01-12 17:18 - 2013-01-12 17:18 - 00031152 ____A C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
2013-01-12 10:03 - 2013-01-12 10:03 - 00000000 ____D C:\Users\Greg\AppData\Local\CCH_Small_Firm_Services
2013-01-12 10:00 - 2013-01-12 10:00 - 00000000 ____D C:\Users\All Users\Gibraltar
2013-01-12 09:58 - 2013-01-12 17:25 - 00002051 ____A C:\Users\Public\Desktop\STS 2012.lnk
2013-01-12 09:57 - 2013-01-12 09:57 - 00000000 ____D C:\Users\All Users\CCH Small Firm Services
2013-01-12 09:57 - 2013-01-12 09:57 - 00000000 ____D C:\Program Files (x86)\CCH Small Firm Services
2013-01-12 09:43 - 2013-01-12 09:43 - 00031144 ____A C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
2013-01-11 13:39 - 2013-01-11 13:39 - 00031128 ____A C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
2013-01-10 07:03 - 2013-01-10 07:03 - 00031296 ____A C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
2013-01-10 01:45 - 2013-01-10 01:45 - 00031144 ____A C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
2013-01-09 22:04 - 2013-01-09 22:05 - 00000000 ____D C:\Users\Greg\Desktop\Desk Top
2013-01-09 22:00 - 2013-01-09 22:02 - 00000000 ____D C:\Users\Greg\Desktop\City of Smithville
2013-01-09 21:39 - 2013-01-09 21:39 - 00000000 ____D C:\Program Files (x86)\VitalSource Bookshelf
2013-01-09 21:34 - 2013-01-09 21:34 - 00000000 ____D C:\Users\Greg\Documents\My Books
2013-01-09 21:31 - 2013-01-09 21:39 - 00002749 ____A C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
2013-01-09 21:30 - 2013-01-09 21:30 - 00000000 ____D C:\Users\Public\Documents\Shared Books
2013-01-09 13:19 - 2013-01-09 13:19 - 00031128 ____A C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
2013-01-08 13:03 - 2013-01-08 13:03 - 00031144 ____A C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
2013-01-06 20:14 - 2013-01-06 20:14 - 00031144 ____A C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
2013-01-06 15:34 - 2013-01-22 21:22 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-01-06 15:34 - 2013-01-22 21:22 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-01-06 15:34 - 2013-01-06 15:34 - 00002582 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-01-06 15:34 - 2013-01-06 15:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-01-05 20:31 - 2013-01-06 15:27 - 00000000 ___DC C:\Users\Greg\AppData\Local\MigWiz
2013-01-04 22:12 - 2013-01-04 22:12 - 00000000 ____D C:\Users\Greg\Documents\Symantec
2013-01-04 22:11 - 2013-01-22 21:22 - 00000000 ____D C:\Program Files\Symantec
2013-01-04 22:11 - 2013-01-22 21:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-01-04 22:10 - 2013-01-06 15:34 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-01-04 22:04 - 2013-01-21 23:04 - 00000000 ____D C:\Users\All Users\Norton
2013-01-04 22:04 - 2013-01-04 22:04 - 00000000 ____D C:\Users\Public\Downloads\Norton


==================== One Month Modified Files and Folders =======

2013-01-23 18:19 - 2013-01-23 18:19 - 00000000 ____D C:\FRST
2013-01-23 18:18 - 2013-01-22 21:28 - 00001018 ____A C:\Windows\setupact.log
2013-01-23 18:18 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-23 18:09 - 2013-01-22 21:32 - 00034321 ____A C:\Windows\WindowsUpdate.log
2013-01-23 18:05 - 2009-07-13 23:13 - 00798858 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-23 18:01 - 2012-04-09 15:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-23 13:14 - 2013-01-23 18:05 - 00858112 ____A C:\Users\Greg\Desktop\WiNToBootic.exe
2013-01-23 01:31 - 2009-07-13 22:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-23 01:31 - 2009-07-13 22:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-22 21:28 - 2013-01-22 21:28 - 00000000 ____A C:\Windows\setuperr.log
2013-01-22 21:22 - 2013-01-06 15:34 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-01-22 21:22 - 2013-01-06 15:34 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-01-22 21:22 - 2013-01-04 22:11 - 00000000 ____D C:\Program Files\Symantec
2013-01-22 21:22 - 2013-01-04 22:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-01-22 21:13 - 2013-01-22 20:13 - 00000000 ____D C:\Windows\pss
2013-01-22 21:11 - 2012-08-17 00:26 - 00000000 ____D C:\Windows\Minidump
2013-01-22 21:02 - 2012-10-11 18:12 - 00000456 ____A C:\rapport.txt
2013-01-22 20:49 - 2013-01-22 20:49 - 02957840 ____A (Symantec Corporation) C:\Users\Greg\Desktop\NPE.exe
2013-01-22 16:13 - 2013-01-22 16:13 - 16409960 ____A (Safer Networking Limited ) C:\Users\Greg\Desktop\spybotsd162.exe
2013-01-22 00:06 - 2012-01-29 19:03 - 00000000 ____D C:\users\Greg
2013-01-21 23:06 - 2009-07-13 22:45 - 00588880 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-21 23:05 - 2012-02-05 23:11 - 00000000 ____D C:\users\MagicJack
2013-01-21 23:05 - 2012-02-01 06:43 - 00000000 ____D C:\users\Lisa
2013-01-21 23:04 - 2013-01-04 22:04 - 00000000 ____D C:\Users\All Users\Norton
2013-01-21 23:04 - 2012-01-29 19:12 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Mozilla
2013-01-21 23:04 - 2012-01-18 13:22 - 00000000 ____D C:\Users\All Users\Trend Micro
2013-01-21 23:04 - 2012-01-18 13:21 - 00000000 ____D C:\Program Files\Trend Micro
2013-01-21 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-21 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\servicing
2013-01-21 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\security
2013-01-21 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-01-21 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-21 23:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-01-21 23:02 - 2012-10-11 22:18 - 00000000 ____D C:\Users\Greg\Desktop\SmitfraudFix
2013-01-21 23:01 - 2012-01-18 13:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-01-21 21:20 - 2012-01-29 19:10 - 00156128 ____A C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-20 21:52 - 2012-12-22 22:58 - 00000000 ____D C:\Users\Greg\AppData\Local\CrashDumps
2013-01-20 21:37 - 2013-01-20 21:37 - 00031120 ____A C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
2013-01-20 15:17 - 2012-01-30 00:27 - 00000000 ____D C:\Users\Greg\Documents\Outlook Files
2013-01-20 15:05 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-01-20 14:32 - 2012-01-18 13:25 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-01-20 14:32 - 2012-01-18 13:25 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-01-20 13:44 - 2013-01-20 13:44 - 00031120 ____A C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
2013-01-20 01:10 - 2013-01-20 01:10 - 00031120 ____A C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
2013-01-19 13:01 - 2013-01-19 13:01 - 00031120 ____A C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
2013-01-19 03:37 - 2013-01-19 03:37 - 00031120 ____A C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
2013-01-19 01:11 - 2013-01-19 01:11 - 00031288 ____A C:\{D214B67E-7770-4427-A619-EB64469C8252}
2013-01-18 10:07 - 2013-01-18 10:07 - 00031112 ____A C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
2013-01-18 01:16 - 2013-01-18 01:16 - 00031128 ____A C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
2013-01-17 13:35 - 2013-01-17 13:35 - 00031128 ____A C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
2013-01-17 01:29 - 2013-01-17 01:29 - 00031288 ____A C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
2013-01-16 13:40 - 2013-01-16 13:40 - 00031128 ____A C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
2013-01-15 18:30 - 2013-01-15 18:30 - 00031288 ____A C:\{54128122-D539-4BDE-AE70-990FBF236131}
2013-01-15 13:22 - 2013-01-15 13:22 - 00031136 ____A C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
2013-01-14 16:27 - 2013-01-14 16:27 - 00031128 ____A C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
2013-01-13 13:30 - 2013-01-13 13:30 - 00031152 ____A C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
2013-01-13 01:56 - 2013-01-13 01:56 - 00031136 ____A C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
2013-01-12 17:25 - 2013-01-12 09:58 - 00002051 ____A C:\Users\Public\Desktop\STS 2012.lnk
2013-01-12 17:19 - 2013-01-12 17:19 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Awesomium
2013-01-12 17:18 - 2013-01-12 17:18 - 00031152 ____A C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
2013-01-12 10:39 - 2012-01-29 23:48 - 00000000 ____D C:\Program Files (x86)\ATX2011
2013-01-12 10:03 - 2013-01-12 10:03 - 00000000 ____D C:\Users\Greg\AppData\Local\CCH_Small_Firm_Services
2013-01-12 10:00 - 2013-01-12 10:00 - 00000000 ____D C:\Users\All Users\Gibraltar
2013-01-12 09:58 - 2012-01-18 13:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-12 09:57 - 2013-01-12 09:57 - 00000000 ____D C:\Users\All Users\CCH Small Firm Services
2013-01-12 09:57 - 2013-01-12 09:57 - 00000000 ____D C:\Program Files (x86)\CCH Small Firm Services
2013-01-12 09:43 - 2013-01-12 09:43 - 00031144 ____A C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
2013-01-11 13:39 - 2013-01-11 13:39 - 00031128 ____A C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
2013-01-10 07:03 - 2013-01-10 07:03 - 00031296 ____A C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
2013-01-10 01:45 - 2013-01-10 01:45 - 00031144 ____A C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
2013-01-09 22:07 - 2012-01-30 23:27 - 00000000 ____D C:\Users\Greg\Desktop\Sentinel Tax Service LLC
2013-01-09 22:05 - 2013-01-09 22:04 - 00000000 ____D C:\Users\Greg\Desktop\Desk Top
2013-01-09 22:05 - 2012-03-09 23:39 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-01-09 22:02 - 2013-01-09 22:00 - 00000000 ____D C:\Users\Greg\Desktop\City of Smithville
2013-01-09 21:39 - 2013-01-09 21:39 - 00000000 ____D C:\Program Files (x86)\VitalSource Bookshelf
2013-01-09 21:39 - 2013-01-09 21:31 - 00002749 ____A C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
2013-01-09 21:34 - 2013-01-09 21:34 - 00000000 ____D C:\Users\Greg\Documents\My Books
2013-01-09 21:30 - 2013-01-09 21:30 - 00000000 ____D C:\Users\Public\Documents\Shared Books
2013-01-09 13:19 - 2013-01-09 13:19 - 00031128 ____A C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
2013-01-09 01:36 - 2012-04-09 15:22 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 01:36 - 2012-01-18 12:51 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 13:03 - 2013-01-08 13:03 - 00031144 ____A C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
2013-01-06 20:14 - 2013-01-06 20:14 - 00031144 ____A C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
2013-01-06 15:36 - 2010-11-20 21:24 - 00857600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-01-06 15:34 - 2013-01-06 15:34 - 00002582 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-01-06 15:34 - 2013-01-06 15:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-01-06 15:34 - 2013-01-04 22:10 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-01-06 15:27 - 2013-01-05 20:31 - 00000000 ___DC C:\Users\Greg\AppData\Local\MigWiz
2013-01-06 15:17 - 2012-12-05 20:41 - 00000000 ____D C:\Windows\56E884B5B9B64432B2093A3EF41C7A01.TMP
2013-01-06 15:17 - 2012-04-05 11:04 - 00000000 ____D C:\Program Files\Dell Support Center
2013-01-06 15:17 - 2012-03-09 23:39 - 00000000 ____D C:\Program Files\CCleaner
2013-01-06 15:17 - 2012-02-05 23:13 - 00000000 ____D C:\Users\MagicJack\AppData\Roaming\mjusbsp
2013-01-06 15:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-01-06 15:13 - 2012-02-05 10:00 - 00000000 ____D C:\Users\All Users\PCDr
2013-01-06 15:11 - 2012-01-30 00:07 - 00000000 __RHD C:\MSOCache
2013-01-04 22:12 - 2013-01-04 22:12 - 00000000 ____D C:\Users\Greg\Documents\Symantec
2013-01-04 22:04 - 2013-01-04 22:04 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2010-11-20 21:24] - [2013-01-06 15:36] - 0857600 ____A (Microsoft Corporation) CD53010A3183D78AC98F3EEAF01AACF0

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 4078.45 MB
Available physical RAM: 3168.13 MB
Total Pagefile: 8155.08 MB
Available Pagefile: 7145.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:388.75 GB) NTFS
2 Drive d: (ATX2012) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
4 Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1847.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (USB DISK) (Removable) (Total:28.88 GB) (Free:28.61 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 28 GB 0 B
Disk 2 Online 1863 GB 1024 KB

Partitions of Disk 0:
===============

Disk ID: C8C2A208

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 16 GB 40 MB
Partition 3 Primary 449 GB 16 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 RECOVERY NTFS Partition 16 GB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 449 GB Healthy Boot

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 28 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB DISK FAT32 Removable 28 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: E567A203

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F FreeAgent G NTFS Partition 1863 GB Healthy

=========================================================

Last Boot: 2013-01-14 00:50

==================== End Of Log =============================

[Essexboy]

It looks as though you run that from safe mode, it does not function properly there as it is unable to gather all data

Lets try this seeing as you are in safe mode

• Download RogueKiller and save it on your desktop.
  
  NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
• The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

[gkkeith]

FRST64 ran again when I turned computer on. This is the new file that was created:
RogueKiller would not run: Error message - The application was unable to start correctly (0xc0000005). Click OK to close the application.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02
Ran by SYSTEM at 24-01-2013 18:41:29
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe" [84464 2009-07-21] ()
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-22] (Adobe Systems Inc.)
HKU\MagicJack\...\Run: [cdloader] "C:\Users\MagicJack\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
Tcpip\Parameters: [DhcpNameServer] 24.177.176.38 71.92.29.130 24.217.201.67

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [69632 2012-04-09] (Adobe Systems)
2 N360; "C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [535416 2012-10-11] (Symantec Corporation)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [1384608 2012-11-29] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-04] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130113.001\IDSvia64.sys [513184 2013-01-04] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130114.004\ENG64.SYS [126112 2013-01-04] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130114.004\EX64.SYS [2084000 2013-01-04] (Symantec Corporation)
3 SRTSP; C:\Windows\system32\drivers\N360x64\1402000.013\SRTSP64.SYS [776864 2012-10-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS [37496 2012-09-06] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\1402000.013\SYMDS64.SYS [493216 2012-10-03] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\1402000.013\SYMEFA64.SYS [1133216 2012-10-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-01-22] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
1 SymNetS; C:\Windows\system32\drivers\N360x64\1402000.013\SYMNETS.SYS [432800 2012-09-06] (Symantec Corporation)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90896 2011-05-21] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144656 2011-05-21] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [69392 2011-05-21] (Trend Micro Inc.)
1 tmlwf; C:\Windows\System32\Drivers\tmlwf.sys [194640 2011-05-21] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2011-05-21] (Trend Micro Inc.)
2 tmwfp; C:\Windows\System32\Drivers\tmwfp.sys [339536 2011-05-21] (Trend Micro Inc.)
3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-23 16:05 - 2013-01-23 11:14 - 00858112 ____A C:\Users\Greg\Desktop\WiNToBootic.exe
2013-01-22 19:32 - 2013-01-24 16:33 - 00068934 ____A C:\Windows\WindowsUpdate.log
2013-01-22 19:28 - 2013-01-24 16:34 - 00001186 ____A C:\Windows\setupact.log
2013-01-22 19:28 - 2013-01-22 19:28 - 00000000 ____A C:\Windows\setuperr.log
2013-01-22 19:02 - 2009-06-02 08:17 - 00075776 ____A C:\Windows\System32\WS2Fix.exe
2013-01-22 19:02 - 2008-12-11 22:57 - 00078336 ____A (S!Ri.URZ) C:\Windows\System32\Agent.OMZ.Fix.exe
2013-01-22 19:02 - 2008-11-29 15:58 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.C.exe
2013-01-22 19:02 - 2008-10-01 12:51 - 00087552 ____A (S!Ri.URZ) C:\Windows\System32\VACFix.exe
2013-01-22 19:02 - 2008-09-20 09:45 - 00080384 ____A (S!Ri.URZ) C:\Windows\System32\o4Patch.exe
2013-01-22 19:02 - 2008-08-18 09:19 - 00082432 ____A (S!Ri.URZ) C:\Windows\System32\404Fix.exe
2013-01-22 19:02 - 2008-05-18 18:40 - 00082944 ____A (S!Ri.URZ) C:\Windows\System32\IEDFix.exe
2013-01-22 19:02 - 2007-09-05 21:22 - 00289144 ____A (S!Ri) C:\Windows\System32\VCCLSID.exe
2013-01-22 19:02 - 2006-12-01 03:20 - 00079360 ____A (SteelWerX) C:\Windows\System32\swxcacls.exe
2013-01-22 19:02 - 2006-08-29 16:43 - 00135168 ____A (SteelWerX) C:\Windows\System32\swreg.exe
2013-01-22 19:02 - 2006-04-27 14:49 - 00288417 ____A (S!Ri) C:\Windows\System32\SrchSTS.exe
2013-01-22 19:02 - 2006-01-09 07:36 - 00040960 ____A C:\Windows\System32\swsc.exe
2013-01-22 19:02 - 2004-07-31 15:50 - 00051200 ____A C:\Windows\System32\dumphive.exe
2013-01-22 19:02 - 2003-06-05 18:13 - 00053248 ____A (http://www.beyondlogic.org) C:\Windows\System32\Process.exe
2013-01-22 18:49 - 2013-01-22 18:49 - 02957840 ____A (Symantec Corporation) C:\Users\Greg\Desktop\NPE.exe
2013-01-22 18:13 - 2013-01-22 19:13 - 00000000 ____D C:\Windows\pss
2013-01-22 14:13 - 2013-01-22 14:13 - 16409960 ____A (Safer Networking Limited ) C:\Users\Greg\Desktop\spybotsd162.exe
2013-01-20 19:37 - 2013-01-20 19:37 - 00031120 ____A C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
2013-01-20 11:44 - 2013-01-20 11:44 - 00031120 ____A C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
2013-01-19 23:10 - 2013-01-19 23:10 - 00031120 ____A C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
2013-01-19 11:01 - 2013-01-19 11:01 - 00031120 ____A C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
2013-01-19 01:37 - 2013-01-19 01:37 - 00031120 ____A C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
2013-01-18 23:11 - 2013-01-18 23:11 - 00031288 ____A C:\{D214B67E-7770-4427-A619-EB64469C8252}
2013-01-18 08:07 - 2013-01-18 08:07 - 00031112 ____A C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
2013-01-17 23:16 - 2013-01-17 23:16 - 00031128 ____A C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
2013-01-17 11:35 - 2013-01-17 11:35 - 00031128 ____A C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
2013-01-16 23:29 - 2013-01-16 23:29 - 00031288 ____A C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
2013-01-16 11:40 - 2013-01-16 11:40 - 00031128 ____A C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
2013-01-15 16:30 - 2013-01-15 16:30 - 00031288 ____A C:\{54128122-D539-4BDE-AE70-990FBF236131}
2013-01-15 11:22 - 2013-01-15 11:22 - 00031136 ____A C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
2013-01-14 14:27 - 2013-01-14 14:27 - 00031128 ____A C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
2013-01-13 11:30 - 2013-01-13 11:30 - 00031152 ____A C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
2013-01-12 23:56 - 2013-01-12 23:56 - 00031136 ____A C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
2013-01-12 15:19 - 2013-01-12 15:19 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Awesomium
2013-01-12 15:18 - 2013-01-12 15:18 - 00031152 ____A C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
2013-01-12 08:03 - 2013-01-12 08:03 - 00000000 ____D C:\Users\Greg\AppData\Local\CCH_Small_Firm_Services
2013-01-12 08:00 - 2013-01-12 08:00 - 00000000 ____D C:\Users\All Users\Gibraltar
2013-01-12 07:58 - 2013-01-12 15:25 - 00002051 ____A C:\Users\Public\Desktop\STS 2012.lnk
2013-01-12 07:57 - 2013-01-12 07:57 - 00000000 ____D C:\Users\All Users\CCH Small Firm Services
2013-01-12 07:57 - 2013-01-12 07:57 - 00000000 ____D C:\Program Files (x86)\CCH Small Firm Services
2013-01-12 07:43 - 2013-01-12 07:43 - 00031144 ____A C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
2013-01-11 11:39 - 2013-01-11 11:39 - 00031128 ____A C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
2013-01-10 05:03 - 2013-01-10 05:03 - 00031296 ____A C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
2013-01-09 23:45 - 2013-01-09 23:45 - 00031144 ____A C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
2013-01-09 20:04 - 2013-01-09 20:05 - 00000000 ____D C:\Users\Greg\Desktop\Desk Top
2013-01-09 20:00 - 2013-01-09 20:02 - 00000000 ____D C:\Users\Greg\Desktop\City of Smithville
2013-01-09 19:39 - 2013-01-09 19:39 - 00000000 ____D C:\Program Files (x86)\VitalSource Bookshelf
2013-01-09 19:34 - 2013-01-09 19:34 - 00000000 ____D C:\Users\Greg\Documents\My Books
2013-01-09 19:31 - 2013-01-09 19:39 - 00002749 ____A C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
2013-01-09 19:30 - 2013-01-09 19:30 - 00000000 ____D C:\Users\Public\Documents\Shared Books
2013-01-09 11:19 - 2013-01-09 11:19 - 00031128 ____A C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
2013-01-08 11:03 - 2013-01-08 11:03 - 00031144 ____A C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
2013-01-06 18:14 - 2013-01-06 18:14 - 00031144 ____A C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
2013-01-06 13:34 - 2013-01-22 19:22 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-01-06 13:34 - 2013-01-22 19:22 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-01-06 13:34 - 2013-01-06 13:34 - 00002582 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-01-06 13:34 - 2013-01-06 13:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-01-05 18:31 - 2013-01-06 13:27 - 00000000 ___DC C:\Users\Greg\AppData\Local\MigWiz
2013-01-04 20:12 - 2013-01-04 20:12 - 00000000 ____D C:\Users\Greg\Documents\Symantec
2013-01-04 20:11 - 2013-01-22 19:22 - 00000000 ____D C:\Program Files\Symantec
2013-01-04 20:11 - 2013-01-22 19:22 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-01-04 20:10 - 2013-01-06 13:34 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-01-04 20:04 - 2013-01-21 21:04 - 00000000 ____D C:\Users\All Users\Norton
2013-01-04 20:04 - 2013-01-04 20:04 - 00000000 ____D C:\Users\Public\Downloads\Norton


==================== One Month Modified Files and Folders =======

2013-01-24 16:34 - 2013-01-22 19:28 - 00001186 ____A C:\Windows\setupact.log
2013-01-24 16:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-24 16:33 - 2013-01-22 19:32 - 00068934 ____A C:\Windows\WindowsUpdate.log
2013-01-24 16:29 - 2012-04-09 13:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-23 20:26 - 2009-07-13 21:13 - 00798858 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-23 16:26 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-23 16:26 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-23 16:19 - 2013-01-23 16:19 - 00000000 ____D C:\FRST
2013-01-23 11:14 - 2013-01-23 16:05 - 00858112 ____A C:\Users\Greg\Desktop\WiNToBootic.exe
2013-01-22 19:28 - 2013-01-22 19:28 - 00000000 ____A C:\Windows\setuperr.log
2013-01-22 19:22 - 2013-01-06 13:34 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2013-01-22 19:22 - 2013-01-06 13:34 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2013-01-22 19:22 - 2013-01-04 20:11 - 00000000 ____D C:\Program Files\Symantec
2013-01-22 19:22 - 2013-01-04 20:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-01-22 19:13 - 2013-01-22 18:13 - 00000000 ____D C:\Windows\pss
2013-01-22 19:11 - 2012-08-16 22:26 - 00000000 ____D C:\Windows\Minidump
2013-01-22 19:02 - 2012-10-11 16:12 - 00000456 ____A C:\rapport.txt
2013-01-22 18:49 - 2013-01-22 18:49 - 02957840 ____A (Symantec Corporation) C:\Users\Greg\Desktop\NPE.exe
2013-01-22 14:13 - 2013-01-22 14:13 - 16409960 ____A (Safer Networking Limited ) C:\Users\Greg\Desktop\spybotsd162.exe
2013-01-21 22:06 - 2012-01-29 17:03 - 00000000 ____D C:\users\Greg
2013-01-21 21:06 - 2009-07-13 20:45 - 00588880 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-21 21:05 - 2012-02-05 21:11 - 00000000 ____D C:\users\MagicJack
2013-01-21 21:05 - 2012-02-01 04:43 - 00000000 ____D C:\users\Lisa
2013-01-21 21:04 - 2013-01-04 20:04 - 00000000 ____D C:\Users\All Users\Norton
2013-01-21 21:04 - 2012-01-29 17:12 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Mozilla
2013-01-21 21:04 - 2012-01-18 11:22 - 00000000 ____D C:\Users\All Users\Trend Micro
2013-01-21 21:04 - 2012-01-18 11:21 - 00000000 ____D C:\Program Files\Trend Micro
2013-01-21 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-21 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-01-21 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\security
2013-01-21 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-21 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-01-21 21:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-01-21 21:02 - 2012-10-11 20:18 - 00000000 ____D C:\Users\Greg\Desktop\SmitfraudFix
2013-01-21 21:01 - 2012-01-18 11:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-01-21 19:20 - 2012-01-29 17:10 - 00156128 ____A C:\Users\Greg\AppData\Local\GDIPFONTCACHEV1.DAT
2013-01-20 19:52 - 2012-12-22 20:58 - 00000000 ____D C:\Users\Greg\AppData\Local\CrashDumps
2013-01-20 19:37 - 2013-01-20 19:37 - 00031120 ____A C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
2013-01-20 13:17 - 2012-01-29 22:27 - 00000000 ____D C:\Users\Greg\Documents\Outlook Files
2013-01-20 13:05 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-01-20 12:32 - 2012-01-18 11:25 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-01-20 12:32 - 2012-01-18 11:25 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-01-20 11:44 - 2013-01-20 11:44 - 00031120 ____A C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
2013-01-19 23:10 - 2013-01-19 23:10 - 00031120 ____A C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
2013-01-19 11:01 - 2013-01-19 11:01 - 00031120 ____A C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
2013-01-19 01:37 - 2013-01-19 01:37 - 00031120 ____A C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
2013-01-18 23:11 - 2013-01-18 23:11 - 00031288 ____A C:\{D214B67E-7770-4427-A619-EB64469C8252}
2013-01-18 08:07 - 2013-01-18 08:07 - 00031112 ____A C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
2013-01-17 23:16 - 2013-01-17 23:16 - 00031128 ____A C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
2013-01-17 11:35 - 2013-01-17 11:35 - 00031128 ____A C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
2013-01-16 23:29 - 2013-01-16 23:29 - 00031288 ____A C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
2013-01-16 11:40 - 2013-01-16 11:40 - 00031128 ____A C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
2013-01-15 16:30 - 2013-01-15 16:30 - 00031288 ____A C:\{54128122-D539-4BDE-AE70-990FBF236131}
2013-01-15 11:22 - 2013-01-15 11:22 - 00031136 ____A C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
2013-01-14 14:27 - 2013-01-14 14:27 - 00031128 ____A C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
2013-01-13 11:30 - 2013-01-13 11:30 - 00031152 ____A C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
2013-01-12 23:56 - 2013-01-12 23:56 - 00031136 ____A C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
2013-01-12 15:25 - 2013-01-12 07:58 - 00002051 ____A C:\Users\Public\Desktop\STS 2012.lnk
2013-01-12 15:19 - 2013-01-12 15:19 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Awesomium
2013-01-12 15:18 - 2013-01-12 15:18 - 00031152 ____A C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
2013-01-12 08:39 - 2012-01-29 21:48 - 00000000 ____D C:\Program Files (x86)\ATX2011
2013-01-12 08:03 - 2013-01-12 08:03 - 00000000 ____D C:\Users\Greg\AppData\Local\CCH_Small_Firm_Services
2013-01-12 08:00 - 2013-01-12 08:00 - 00000000 ____D C:\Users\All Users\Gibraltar
2013-01-12 07:58 - 2012-01-18 11:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-12 07:57 - 2013-01-12 07:57 - 00000000 ____D C:\Users\All Users\CCH Small Firm Services
2013-01-12 07:57 - 2013-01-12 07:57 - 00000000 ____D C:\Program Files (x86)\CCH Small Firm Services
2013-01-12 07:43 - 2013-01-12 07:43 - 00031144 ____A C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
2013-01-11 11:39 - 2013-01-11 11:39 - 00031128 ____A C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
2013-01-10 05:03 - 2013-01-10 05:03 - 00031296 ____A C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
2013-01-09 23:45 - 2013-01-09 23:45 - 00031144 ____A C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
2013-01-09 20:07 - 2012-01-30 21:27 - 00000000 ____D C:\Users\Greg\Desktop\Sentinel Tax Service LLC
2013-01-09 20:05 - 2013-01-09 20:04 - 00000000 ____D C:\Users\Greg\Desktop\Desk Top
2013-01-09 20:05 - 2012-03-09 21:39 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-01-09 20:02 - 2013-01-09 20:00 - 00000000 ____D C:\Users\Greg\Desktop\City of Smithville
2013-01-09 19:39 - 2013-01-09 19:39 - 00000000 ____D C:\Program Files (x86)\VitalSource Bookshelf
2013-01-09 19:39 - 2013-01-09 19:31 - 00002749 ____A C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
2013-01-09 19:34 - 2013-01-09 19:34 - 00000000 ____D C:\Users\Greg\Documents\My Books
2013-01-09 19:30 - 2013-01-09 19:30 - 00000000 ____D C:\Users\Public\Documents\Shared Books
2013-01-09 11:19 - 2013-01-09 11:19 - 00031128 ____A C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
2013-01-08 23:36 - 2012-04-09 13:22 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-08 23:36 - 2012-01-18 10:51 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 11:03 - 2013-01-08 11:03 - 00031144 ____A C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
2013-01-06 18:14 - 2013-01-06 18:14 - 00031144 ____A C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
2013-01-06 13:36 - 2010-11-20 19:24 - 00857600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-01-06 13:34 - 2013-01-06 13:34 - 00002582 ____A C:\Users\Public\Desktop\Norton 360.lnk
2013-01-06 13:34 - 2013-01-06 13:34 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-01-06 13:34 - 2013-01-04 20:10 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-01-06 13:27 - 2013-01-05 18:31 - 00000000 ___DC C:\Users\Greg\AppData\Local\MigWiz
2013-01-06 13:17 - 2012-12-05 18:41 - 00000000 ____D C:\Windows\56E884B5B9B64432B2093A3EF41C7A01.TMP
2013-01-06 13:17 - 2012-04-05 09:04 - 00000000 ____D C:\Program Files\Dell Support Center
2013-01-06 13:17 - 2012-03-09 21:39 - 00000000 ____D C:\Program Files\CCleaner
2013-01-06 13:17 - 2012-02-05 21:13 - 00000000 ____D C:\Users\MagicJack\AppData\Roaming\mjusbsp
2013-01-06 13:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-06 13:13 - 2012-02-05 08:00 - 00000000 ____D C:\Users\All Users\PCDr
2013-01-06 13:11 - 2012-01-29 22:07 - 00000000 __RHD C:\MSOCache
2013-01-04 20:12 - 2013-01-04 20:12 - 00000000 ____D C:\Users\Greg\Documents\Symantec
2013-01-04 20:04 - 2013-01-04 20:04 - 00000000 ____D C:\Users\Public\Downloads\Norton

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2010-11-20 19:24] - [2013-01-06 13:36] - 0857600 ____A (Microsoft Corporation) CD53010A3183D78AC98F3EEAF01AACF0

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-20 19:39:03
Restore point made on: 2013-01-20 20:24:54
Restore point made on: 2013-01-20 20:50:18
Restore point made on: 2013-01-20 20:57:21
Restore point made on: 2013-01-20 21:10:49
Restore point made on: 2013-01-20 21:16:36
Restore point made on: 2013-01-20 21:19:03
Restore point made on: 2013-01-20 21:19:49
Restore point made on: 2013-01-20 21:20:24
Restore point made on: 2013-01-20 21:26:00
Restore point made on: 2013-01-20 21:26:47
Restore point made on: 2013-01-20 21:27:19
Restore point made on: 2013-01-20 21:28:26
Restore point made on: 2013-01-20 21:33:58
Restore point made on: 2013-01-20 21:35:00
Restore point made on: 2013-01-20 21:35:28
Restore point made on: 2013-01-20 21:39:51
Restore point made on: 2013-01-21 19:37:07
Restore point made on: 2013-01-22 18:57:07

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4078.45 MB
Available physical RAM: 3438.91 MB
Total Pagefile: 4076.59 MB
Available Pagefile: 3417.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:449.57 GB) (Free:388.22 GB) NTFS
2 Drive e: (ATX2012) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
4 Drive g: (USB DISK) (Removable) (Total:28.88 GB) (Free:28.61 GB) FAT32
5 Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1847.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (RECOVERY) (Fixed) (Total:16.15 GB) (Free:8.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 28 GB 0 B
Disk 2 Online 1863 GB 1024 KB
Disk 3 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: C8C2A208

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 16 GB 40 MB
Partition 3 Primary 449 GB 16 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 16 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 449 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 28 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB DISK FAT32 Removable 28 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: E567A203

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FreeAgent G NTFS Partition 1863 GB Healthy

=========================================================

Last Boot: 2013-01-23 22:33

==================== End Of Log =============================

Edited by gkkeith, 24 January 2013 - 07:11 PM.

[Essexboy]

Nothing showing up under that scan

Could you restore the computer to the day before this occurred .. I would recommend this one Restore point made on: 2013-01-20 19:39:03
If it does not work then I will use FRST to restore the system

Once restored

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
  
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  winsock.*
  /md5stop
  CREATERESTOREPOINT
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[gkkeith]

Can not run OTL. Error Message: The application was unable to start correctly (0xc0000005). Click OK to close application.

[Essexboy]

Hmm, if necessary run this from safe mode

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[gkkeith]

Can not run Combofix. Sames error message as before: The application was unable to start correctly (0xc0000005). Click OK to close application.

[Essexboy]

This may well be a memory problem


Open Memory Diagnostics Tool by clicking the Start button, and then clicking Control Panel.

1. In the search box, type Memory, and then click Diagnose your computer's memory problems.‌ Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

2. Choose when to run the tool.

[gkkeith]

Memory test found no errors

[Essexboy]

OK Go start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator
In the black box type the following command and press enter

sfc /scannow

On completion reboot and try OTL again

[gkkeith]

OTL logfile created on: 01/26/13 2:32:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.98 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.18% Memory free
7.96 Gb Paging File | 6.45 Gb Available in Paging File | 80.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.57 Gb Total Space | 387.58 Gb Free Space | 86.21% Space Free | Partition Type: NTFS
Drive D: | 162.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 1847.91 Gb Free Space | 99.19% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 3.53 Gb Free Space | 94.40% Space Free | Partition Type: NTFS

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 19:07:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
PRC - [2012/10/10 20:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 10:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/27 00:59:06 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/21 10:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/02/03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\wincfi39.dll
MOD - [2012/05/09 02:28:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 02:28:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 02:28:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 02:28:23 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/07/27 00:50:12 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/07/21 10:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/08/10 16:53:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 01:36:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/10 20:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/01/18 13:03:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/01/18 13:03:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/22 06:31:08 | 000,045,056 | ---- | M] (Intuit) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/27 00:59:06 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/24 07:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 07:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/06 15:34:50 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/08 19:00:02 | 000,776,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 19:40:35 | 001,133,216 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 19:40:20 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/10/03 19:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/09/06 20:05:14 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 19:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/06 19:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/17 15:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 14:41:28 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2012/01/18 14:41:26 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2012/01/18 14:41:23 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2012/01/18 14:41:23 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2012/01/18 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/10 16:53:28 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/10 16:53:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/08/10 16:53:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/21 02:01:04 | 000,339,536 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2011/05/21 02:01:04 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2011/05/21 02:01:04 | 000,144,656 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/05/21 02:01:04 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/05/21 02:01:04 | 000,090,896 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/05/21 02:01:04 | 000,069,392 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/05/20 11:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 21:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/27 00:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/01/16 00:41:17 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130119.024\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 00:41:17 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130119.024\eng64.sys -- (NAVENG)
DRV - [2013/01/05 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/01/05 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/04 16:28:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/29 17:13:05 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\..\SearchScopes,DefaultScope = {8F24045B-8CFB-4185-AD36-9F407ABDC6C2}
IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\..\SearchScopes\{0A473A30-C796-4372-BFE9-52547D00242A}: "URL" = http://websearch.ask...7D-EAE659B8957D
IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\..\SearchScopes\{8F24045B-8CFB-4185-AD36-9F407ABDC6C2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ [2013/01/25 07:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/25 07:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/01/26 14:32:20 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/10/11 22:20:55 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-640593470-2294703735-3661521093-1001..\Run: [q] "xidpwooedd.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnabledLinkedConnections = 1
O7 - HKU\S-1-5-21-640593470-2294703735-3661521093-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A3FCC3-565E-453B-9AA1-B4E050811830}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/29 12:28:06 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/02/14 22:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4e67d6c8-4215-11e1-a959-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4e67d6c8-4215-11e1-a959-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2012/11/05 08:08:12 | 169,935,608 | R--- | M] (CCH Small Firm Services)
O33 - MountPoints2\{5af399a5-a547-11e1-b31e-d4bed992690f}\Shell - "" = AutoRun
O33 - MountPoints2\{5af399a5-a547-11e1-b31e-d4bed992690f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9eb73fbb-4bec-11e1-b557-d4bed992690f}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb73fbb-4bec-11e1-b557-d4bed992690f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{fd44020c-4d45-11e1-a269-d4bed992690f}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{fd44020c-4d45-11e1-a269-d4bed992690f}\Shell\phone\command - "" = H:\autorun.exe
O33 - MountPoints2\{fd44028a-4d45-11e1-a269-d4bed992690f}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{fd44028a-4d45-11e1-a269-d4bed992690f}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/26 07:18:01 | 005,026,751 | ---- | C] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2013/01/25 19:07:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2013/01/23 18:19:36 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/22 20:13:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/12 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Awesomium
[2013/01/12 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\CCH_Small_Firm_Services
[2013/01/12 10:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2013/01/12 09:58:43 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\assembly
[2013/01/12 09:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCH Small Firm Services
[2013/01/12 09:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CCH Small Firm Services
[2013/01/12 09:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCH Small Firm Services
[2013/01/09 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Desk Top
[2013/01/09 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\City of Smithville
[2013/01/09 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VitalSource Bookshelf
[2013/01/09 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\My Books
[2013/01/09 21:30:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Books
[2013/01/06 15:34:50 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/06 15:34:25 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys
[2013/01/06 15:34:25 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymELAM.sys
[2013/01/06 15:34:24 | 001,133,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.sys
[2013/01/06 15:34:24 | 000,776,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys
[2013/01/06 15:34:24 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymDS64.sys
[2013/01/06 15:34:24 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Ironx64.sys
[2013/01/06 15:34:24 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.sys
[2013/01/06 15:34:24 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys
[2013/01/06 15:34:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/01/06 15:34:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1402000.013
[2013/01/06 15:34:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/06 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/05 20:31:04 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\MigWiz
[2013/01/04 22:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/01/04 22:12:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\Symantec
[2013/01/04 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/04 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/04 22:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/04 22:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/04 22:04:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/01/04 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/26 14:37:04 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 14:37:04 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 14:33:58 | 000,798,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/26 14:33:58 | 000,676,142 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/26 14:33:58 | 000,126,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/26 14:29:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/26 14:29:23 | 3207,417,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/26 13:29:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/26 07:18:01 | 005,026,751 | ---- | M] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2013/01/25 19:07:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2013/01/25 07:25:17 | 000,588,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/25 07:24:17 | 001,651,171 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Cat.DB
[2013/01/25 07:14:45 | 000,002,299 | ---- | M] () -- C:\Users\Greg\Desktop\fix.rtf
[2013/01/21 22:47:22 | 000,000,394 | ---- | M] () -- C:\Users\Greg\Documents\error messages.rtf
[2013/01/20 21:37:40 | 000,031,120 | ---- | M] () -- C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
[2013/01/20 13:44:02 | 000,031,120 | ---- | M] () -- C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
[2013/01/20 01:10:30 | 000,031,120 | ---- | M] () -- C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
[2013/01/19 13:01:54 | 000,031,120 | ---- | M] () -- C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
[2013/01/19 03:37:54 | 000,031,120 | ---- | M] () -- C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
[2013/01/19 01:11:23 | 000,031,288 | ---- | M] () -- C:\{D214B67E-7770-4427-A619-EB64469C8252}
[2013/01/18 10:07:30 | 000,031,112 | ---- | M] () -- C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
[2013/01/18 01:16:10 | 000,031,128 | ---- | M] () -- C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
[2013/01/17 13:35:52 | 000,031,128 | ---- | M] () -- C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
[2013/01/17 01:38:57 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\VT20130115.021
[2013/01/17 01:29:05 | 000,031,288 | ---- | M] () -- C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
[2013/01/16 13:40:19 | 000,031,128 | ---- | M] () -- C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
[2013/01/15 18:30:02 | 000,031,288 | ---- | M] () -- C:\{54128122-D539-4BDE-AE70-990FBF236131}
[2013/01/15 13:22:06 | 000,031,136 | ---- | M] () -- C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
[2013/01/14 16:27:24 | 000,031,128 | ---- | M] () -- C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
[2013/01/13 13:30:02 | 000,031,152 | ---- | M] () -- C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
[2013/01/13 01:56:43 | 000,031,136 | ---- | M] () -- C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
[2013/01/12 17:25:39 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\STS 2012.lnk
[2013/01/12 17:18:53 | 000,031,152 | ---- | M] () -- C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
[2013/01/12 09:43:53 | 000,031,144 | ---- | M] () -- C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
[2013/01/11 13:39:47 | 000,031,128 | ---- | M] () -- C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
[2013/01/10 07:03:10 | 000,031,296 | ---- | M] () -- C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
[2013/01/10 01:45:15 | 000,031,144 | ---- | M] () -- C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
[2013/01/09 22:05:01 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 21:39:30 | 000,002,749 | ---- | M] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2013/01/09 19:46:43 | 000,001,294 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/09 13:19:53 | 000,031,128 | ---- | M] () -- C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
[2013/01/09 01:36:05 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 01:36:05 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 13:03:01 | 000,031,144 | ---- | M] () -- C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
[2013/01/06 20:14:18 | 000,031,144 | ---- | M] () -- C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
[2013/01/06 15:34:50 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/06 15:34:50 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/06 15:34:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/06 15:34:41 | 000,002,582 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/25 07:14:45 | 000,002,299 | ---- | C] () -- C:\Users\Greg\Desktop\fix.rtf
[2013/01/21 22:47:22 | 000,000,394 | ---- | C] () -- C:\Users\Greg\Documents\error messages.rtf
[2013/01/20 21:37:40 | 000,031,120 | ---- | C] () -- C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
[2013/01/20 13:44:02 | 000,031,120 | ---- | C] () -- C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
[2013/01/20 01:10:30 | 000,031,120 | ---- | C] () -- C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
[2013/01/19 13:01:54 | 000,031,120 | ---- | C] () -- C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
[2013/01/19 03:37:54 | 000,031,120 | ---- | C] () -- C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
[2013/01/19 01:11:23 | 000,031,288 | ---- | C] () -- C:\{D214B67E-7770-4427-A619-EB64469C8252}
[2013/01/18 10:07:30 | 000,031,112 | ---- | C] () -- C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
[2013/01/18 01:16:10 | 000,031,128 | ---- | C] () -- C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
[2013/01/17 13:35:52 | 000,031,128 | ---- | C] () -- C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
[2013/01/17 01:39:20 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\VT20130115.021
[2013/01/17 01:29:05 | 000,031,288 | ---- | C] () -- C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
[2013/01/16 13:40:19 | 000,031,128 | ---- | C] () -- C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
[2013/01/15 18:30:02 | 000,031,288 | ---- | C] () -- C:\{54128122-D539-4BDE-AE70-990FBF236131}
[2013/01/15 13:22:06 | 000,031,136 | ---- | C] () -- C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
[2013/01/14 16:27:24 | 000,031,128 | ---- | C] () -- C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
[2013/01/13 13:30:02 | 000,031,152 | ---- | C] () -- C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
[2013/01/13 01:56:43 | 000,031,136 | ---- | C] () -- C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
[2013/01/12 17:18:53 | 000,031,152 | ---- | C] () -- C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
[2013/01/12 09:58:08 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\STS 2012.lnk
[2013/01/12 09:43:53 | 000,031,144 | ---- | C] () -- C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
[2013/01/11 13:39:47 | 000,031,128 | ---- | C] () -- C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
[2013/01/10 07:03:10 | 000,031,296 | ---- | C] () -- C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
[2013/01/10 01:45:15 | 000,031,144 | ---- | C] () -- C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
[2013/01/09 21:31:04 | 000,002,749 | ---- | C] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2013/01/09 21:31:03 | 000,002,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitalSource Bookshelf.lnk
[2013/01/09 19:46:43 | 000,001,294 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/09 13:19:53 | 000,031,128 | ---- | C] () -- C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
[2013/01/08 13:03:01 | 000,031,144 | ---- | C] () -- C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
[2013/01/06 20:14:18 | 000,031,144 | ---- | C] () -- C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
[2013/01/06 15:34:54 | 001,651,171 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Cat.DB
[2013/01/06 15:34:50 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/06 15:34:50 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/06 15:34:41 | 000,002,582 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/06 15:34:18 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymELAM64.cat
[2013/01/06 15:34:18 | 000,009,103 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymVTcer.dat
[2013/01/06 15:34:18 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.cat
[2013/01/06 15:34:18 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.cat
[2013/01/06 15:34:18 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymEFA64.cat
[2013/01/06 15:34:18 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnet64.cat
[2013/01/06 15:34:18 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.cat
[2013/01/06 15:34:18 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymDS64.cat
[2013/01/06 15:34:18 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\iron.cat
[2013/01/06 15:34:18 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymEFA.inf
[2013/01/06 15:34:18 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymDS.inf
[2013/01/06 15:34:18 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\SymNet.inf
[2013/01/06 15:34:18 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.inf
[2013/01/06 15:34:18 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.inf
[2013/01/06 15:34:18 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symELAM.inf
[2013/01/06 15:34:18 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccSetx64.inf
[2013/01/06 15:34:18 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\Iron.inf
[2013/01/06 15:34:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402000.013\isolate.ini
[2012/10/11 22:20:58 | 000,000,691 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\GetValue.vbs
[2012/10/11 22:20:58 | 000,000,035 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\SetValue.bat
[2012/02/06 21:14:53 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/01/29 20:21:16 | 000,013,701 | ---- | C] () -- C:\Windows\hplj1010.ini
[2012/01/18 14:46:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/18 14:16:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/18 13:04:03 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/01/18 13:04:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/01/18 13:04:02 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2012/01/18 13:04:02 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2012/01/18 13:04:02 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2012/01/18 13:04:02 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2012/01/18 13:04:02 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2012/01/18 13:04:02 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2012/01/18 13:04:02 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2012/01/18 13:04:02 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2012/01/18 13:04:02 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2012/01/18 13:04:02 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2011/06/28 23:32:24 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/10 08:33:46 | 000,794,772 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 21:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/04/23 23:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/04/23 22:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/01/18 14:41:11 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 21:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/01/18 14:41:17 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/01/18 14:41:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/01/18 14:41:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/01/18 14:41:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/01/18 14:41:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/01/18 14:41:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/01/18 14:41:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CSS >
[2005/06/29 14:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\Services\services.css

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/08/17 15:29:04 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< >

< >

< End of report >

[gkkeith]

OTL Extras logfile created on: 01/26/13 2:32:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.98 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 67.18% Memory free
7.96 Gb Paging File | 6.45 Gb Available in Paging File | 80.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.57 Gb Total Space | 387.58 Gb Free Space | 86.21% Space Free | Partition Type: NTFS
Drive D: | 162.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 1847.91 Gb Free Space | 99.19% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 3.53 Gb Free Space | 94.40% Space Free | Partition Type: NTFS

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04972F85-72F3-4EC0-844B-CF86BB99C07C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1AB4B795-5B7B-449F-809E-9C420DC0F40B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2296D4E0-25A0-4F4D-B6C6-AB625E820527}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{29231805-DFFC-44B4-868E-04951A7234A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37E5DD9C-6470-409D-9FC4-7AF6CEA4D76D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A53EE70-1259-4E44-89D4-09787F9BA064}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B1D36C5-80A1-4B23-8F3B-5C9C3A964E69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B8CA7CF-F162-4CCD-85C1-51C055997A5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{44D70AD2-7700-40A7-B383-F1F201A5745C}" = rport=138 | protocol=17 | dir=out | app=system |
"{51251E9F-7D5D-4CC7-8C3F-DED677770ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61C27C0D-F047-4AF8-8690-3D7ACCDDC874}" = rport=10243 | protocol=6 | dir=out | app=system |
"{642CBF24-FE9D-4B7A-A99C-3900753ABDA0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68A2148E-032A-413C-984A-EDE1D047B735}" = lport=32392 | protocol=6 | dir=in | name=atxrollover |
"{719BF953-3208-4CB3-B84A-DDA59DF910D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7259AF54-8152-403A-8780-F6785D61360B}" = lport=32393 | protocol=6 | dir=in | name=atxprint |
"{78840049-528C-4C10-9AC1-2A26E9A7A396}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AF553E0-DB9A-4F98-849A-6D99C2343172}" = rport=445 | protocol=6 | dir=out | app=system |
"{8CFBBEEC-C734-436D-A358-9B961964E3DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{903185AF-6F09-4B61-9BA4-04EA70259254}" = rport=137 | protocol=17 | dir=out | app=system |
"{92EBD03D-3937-4C75-BB3E-9ECA90D14100}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9E26D466-4D5F-4A29-97E9-8A09AA65C68D}" = lport=139 | protocol=6 | dir=in | app=system |
"{A37B2F2A-8F1E-43FC-A68B-572ADF40EC03}" = lport=138 | protocol=17 | dir=in | app=system |
"{ACD71E94-24CF-45D3-972C-4DC318A7AB68}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDBC21BA-AABE-4E27-92A7-569710A3FD40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0D0DD18-2B36-4E93-9FCE-AD245374EB44}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2EC6EB8-0298-4D79-990F-7CD83393F60E}" = rport=139 | protocol=6 | dir=out | app=system |
"{E956BBED-A306-41DC-ACA4-7F6FA1040063}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF8FA00F-786C-446F-B9B3-38241148AA7E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ADDFC0-A4F5-4068-9101-3DBDC2FE807E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{16AACBC4-73E6-4908-A7CB-FD0B6232AB84}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{17DC84A8-6517-4494-ACDD-AF7BB02230A4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{209DAF96-8C4F-4045-9C37-06A13CF6C8BB}" = protocol=1 | dir=out | [email protected],-28544 |
"{2218DB2E-7364-404B-94B9-2FF5386F6BDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3091C04C-2CF7-4395-8E60-4549814E5FD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D3F7E51-D486-4916-A943-79F8967DF8BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{43B57692-9E49-4C97-885B-180DA8D8386E}" = protocol=6 | dir=out | app=system |
"{473F6B6A-8BF5-459B-98D2-F39D78F0C939}" = protocol=1 | dir=in | [email protected],-28543 |
"{4EFC44F9-BCD7-4BEE-B169-C83FF06883FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E8AE3A5-F2AC-40D1-AE53-9358A547CA45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EC4EA68-421B-4037-8626-9622F3C894E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62FE7CCD-CCFD-4AE7-90C2-3170BA6AD6D7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{68A9E6A9-51E6-4DF5-A1C5-CD88132DE8B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74B638A5-A2FA-46D1-88C2-64FF2C6AC39C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74CC4B99-E8EB-43B0-B2F2-D3A1FB2FB10B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74D98BFF-F2D1-4AB9-B907-A1394400C982}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78D352B2-10C0-40FA-9737-AB8AEFEDE740}" = protocol=6 | dir=in | app=c:\program files (x86)\cch small firm services\atx2012\sfs.max.rolloverservice.exe |
"{78FE2DFD-DE91-4C8B-B64D-CFC452028561}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{85BA6135-8EC4-45E4-BAB7-A1B49B29B587}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8D4AD8F9-ADA6-4246-87C4-07E6CBE898C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{99F2F99A-EA96-43DB-8C69-E7D5233FC96D}" = protocol=58 | dir=in | [email protected],-28545 |
"{9A488310-E16B-409B-8D9B-93BE0B3FF4DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F9A0DAF-388B-46C5-B9B3-F7AA19998958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2843A16-68C0-4DD0-90F3-4668AAC56809}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA22179A-73B0-4BD9-BCE4-D4B7ADDC3694}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AACB708D-0613-41E8-A124-CB0A8356D5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\cch small firm services\atx2012\sfs.max.rolloverservice.exe |
"{B3EE817B-C4ED-4873-899C-0213E397725D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD38D02E-D708-45A3-887A-42CDB3D0C6DA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BD5CF824-16EC-4F9B-9C91-058670AD516B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E44D70E6-D537-4BB2-B4E0-2A8B252BAE88}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E46DF602-9B14-4B4A-A572-3664441876DD}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{408868FB-C823-443D-ADBE-0FA11F1F98EF}C:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{FF3A9165-1F48-4072-934F-ED1C43625AE3}C:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{ACA70C2A-CB07-4BB4-B1C6-3D55F6175D96}C:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{AF62908A-A29C-4474-A6BD-82828F0B5664}C:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\magicjack\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{094A1E1C-F6F9-9BC1-4F0D-8EC94A9F118D}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{262325FE-E6AA-7D56-9071-453A374086C9}" = ATI AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{82AB13D7-BDE1-D24C-B245-1A3F0C29022C}" = ATI Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9C6975C1801E1FD9353B8A42B5C15E8EA5E0B66E" = Windows Driver Package - Scientific-Atlanta (USBCM) Net (06/10/2004 1.12.0.0000)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00082694-C740-753D-0E17-FAB8B7DFF52F}" = CCC Help Thai
"{066EA6E0-1152-714C-F2B3-10457072F542}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{12F9B590-7ED9-6ED7-B41E-CB69E4147A7B}" = Catalyst Control Center Localization All
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DD3392-63F3-5F8B-BAFE-EF362F797E9E}" = CCC Help Hungarian
"{1E98D5E9-1E56-CE9B-4198-24D185F71B8C}" = CCC Help Polish
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2B9F83AE-EA8C-7FFB-6BA3-A81BCA9AE4DC}" = CCC Help Japanese
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{458039D4-0096-9DCF-A752-70D02227F616}" = CCC Help Italian
"{46ABF416-F6DC-C213-0356-E52C0C751E03}" = CCC Help Swedish
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content
"{50218CA0-C05D-C4CE-035C-27A735750666}" = Catalyst Control Center
"{52FBC497-0796-D089-BBE1-1C0642678E8C}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DFC378F-28C5-A5B7-0798-2E2A1D60EC28}" = CCC Help Spanish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio RecordNow Premier
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B818622-DB95-B03F-E081-2796BBFA150C}" = CCC Help Chinese Standard
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio RecordNow Premier
"{89BA1176-0C98-483D-9CAF-EBBC4EEE5DB3}" = VitalSource Bookshelf
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D01A923-5A28-53ED-EB3C-FB6C8D80964B}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{90FA9C66-5810-AE21-8598-704E8C299DE6}" = CCC Help Korean
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{975C9422-4A8E-82DE-238D-604778B4B431}" = CCC Help Finnish
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A3A529DA-F910-6768-EF19-A795C26FE102}" = CCC Help Chinese Traditional
"{A5D50767-9200-4D23-BFBC-F9E45C521EA4}" = ATX 2012
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B9AB5A97-9C85-B607-B61B-90C129BC2C6F}" = CCC Help Dutch
"{BE6505D6-9355-D51A-D36E-85E51AD89554}" = CCC Help Greek
"{BF953F1A-F946-4804-875D-94B6A6C05CE1}" = Business Card Factory Deluxe 2.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{CC1D9CCB-B4E6-1575-14AE-BF0F7774A6C8}" = CCC Help French
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDF56C6B-E732-4F95-9F03-9A0E1E42B6DC}" = Roxio RecordNow Premier
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2DB85DC-6582-251E-FA93-EB2CF6870EF1}" = CCC Help Portuguese
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D571FEBA-938F-BCCF-FC0C-8BA4E9C06D83}" = CCC Help Norwegian
"{DCC41203-3F8B-9C4D-19E6-59B72E4FFB5F}" = CCC Help Russian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECE8F1BD-62BA-A6BB-D351-2980ECE35976}" = CCC Help German
"{ED2DFB39-FED4-83A9-92B0-EDF04CD27D2B}" = Catalyst Control Center InstallProxy
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0E84DC-7A7F-9A73-9632-0F00FC89C421}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudioCS" = Creative Audio Control Panel
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"CCH Small Firm Services 2008" = CCH Small Firm Services 2008 (Remove Only)
"CCH Small Firm Services 2009" = CCH Small Firm Services 2009 (Remove Only)
"CCH Small Firm Services 2010" = CCH Small Firm Services 2010 (Remove Only)
"CCH Small Firm Services 2011" = CCH Small Firm Services 2011 (Remove Only)
"CCH Small Firm Services XML Printer" = 2009 SFS W2/1099 Printer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Host OpenAL" = Host OpenAL
"InstallShield_{A5D50767-9200-4D23-BFBC-F9E45C521EA4}" = ATX 2012
"N360" = Norton 360
"Office14.SingleImage" = Microsoft Office Professional 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-640593470-2294703735-3661521093-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Media Center Events ]
Error - 11/24/12 3:35:16 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 1:35:12 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 11/25/12 3:17:05 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 1:17:05 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 11/25/12 3:40:09 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 1:39:48 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 11/25/12 3:40:56 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 1:40:55 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 11/25/12 4:43:05 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 2:43:05 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 11/25/12 5:44:06 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 3:44:06 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 11/29/12 3:02:51 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 1:02:49 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 12/02/12 3:33:10 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 1:33:10 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 12/10/12 8:48:47 PM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 6:48:44 PM - Error connecting to the internet. 6:48:44 PM - Unable
to contact server..

Error - 12/31/12 4:05:49 AM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
Description = 2:05:47 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 01/26/13 4:13:48 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SoftThinks
Agent Service service to connect.

Error - 01/26/13 4:13:48 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
Description = The SoftThinks Agent Service service failed to start due to the following
error: %%1053

Error - 01/26/13 4:15:50 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 01/26/13 4:15:51 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Rapid Storage Technology service to connect.

Error - 01/26/13 4:15:51 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
Description = The Intel® Rapid Storage Technology service failed to start due
to the following error: %%1053

Error - 01/26/13 4:15:51 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 01/26/13 4:27:26 PM | Computer Name = Greg-PC | Source = DCOM | ID = 10010
Description =

Error - 01/26/13 4:30:25 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 01/26/13 4:30:55 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 01/26/13 4:32:00 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® Rapid Storage Technology service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

[Essexboy]

Are other programmes opening normally now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:OTL
O4 - HKU\S-1-5-21-640593470-2294703735-3661521093-1001..\Run: [q] "xidpwooedd.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex File not found

:Files

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.