Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware problem [Solved]


  • This topic is locked This topic is locked

#1
adjc98

adjc98

    Member

  • Member
  • PipPip
  • 29 posts
Microsoft Essentials keeps on detecting and quarantining malware every two minutes on my computer. It keeps on giving me manager.js in different locations on the c drive.

Here is one of the warnings out of over 200.

It keep saying something about Chrom extention. I uninstalled chrome.

Security Essentials encountered the following error: Error code 0x80070050. The file exists.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\Users\Maintenance\AppData\Local\335dee82-3a10-4e20-89c6-33d3acc056c7.crx
file:C:\Users\Maintenance\AppData\Local\335dee82-3a10-4e20-89c6-33d3acc056c7.crx->manager.js

Get more information about this item online.

It says Trojan:JS/Medfos.B in the title.

I also ran avast and it found 3 threats which I tried to delete but was unsuccessful.

Here is the OTL quick scan report.

OTL logfile created on: 2/26/2013 9:51:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maintenance\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.85 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 35.36% Memory free
8.71 Gb Paging File | 4.20 Gb Available in Paging File | 48.26% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 150.83 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
Drive D: | 12.86 Gb Total Space | 1.75 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive H: | 3.73 Gb Total Space | 0.47 Gb Free Space | 12.55% Space Free | Partition Type: FAT32

Computer Name: STATION1 | User Name: Maintenance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/02/26 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maintenance\Desktop\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/29 22:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/29 22:23:06 | 011,802,464 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2013/01/29 22:23:06 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/01/28 15:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2013/01/24 21:48:50 | 000,583,456 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Maintenance\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/14 04:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2012/12/14 04:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/24 12:57:04 | 001,179,024 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2012/10/22 15:57:18 | 001,533,240 | ---- | M] () -- C:\Program Files\CE\CovenantEyesHelper.exe
PRC - [2012/10/22 15:55:52 | 002,429,440 | ---- | M] () -- C:\Program Files\CE\CovenantEyes.exe
PRC - [2012/10/22 15:48:38 | 001,633,280 | ---- | M] () -- C:\Windows\System32\authServer.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/05/24 16:55:14 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2012/05/24 15:45:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/05/23 15:00:08 | 000,155,136 | ---- | M] () -- C:\Program Files\NVMS5 Standard Edition\bin\cms.exe
PRC - [2012/05/23 14:58:54 | 000,014,848 | ---- | M] () -- C:\Program Files\NVMS5 Standard Edition\bin\vtdu.exe
PRC - [2012/05/23 14:58:38 | 000,015,872 | ---- | M] () -- C:\Program Files\NVMS5 Standard Edition\bin\nru.exe
PRC - [2012/03/16 20:06:42 | 004,608,656 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/03/16 20:06:42 | 001,059,984 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/09 10:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/22 14:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\Maintenance\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011/06/22 14:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\Maintenance\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:31 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2010/11/06 02:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/29 15:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/06/16 14:34:12 | 016,563,592 | ---- | M] (Aldelo Systems Inc.) -- C:\Program Files\Aldelo\Aldelo EDC\Client\Aldelo.EDC.Client.exe
PRC - [2010/06/11 16:02:16 | 001,230,224 | ---- | M] (Aldelo Systems Inc.) -- C:\Program Files\Aldelo\Aldelo For Restaurants\Aldelo For Restaurants POS\AFRService\Services\Aldelo.EDC.AFRService.exe
PRC - [2010/06/11 15:50:46 | 004,202,496 | ---- | M] (Aldelo Systems Inc.) -- C:\Program Files\Aldelo\Aldelo For Restaurants\Aldelo For Restaurants POS\AFR38.exe
PRC - [2010/05/05 21:50:29 | 000,057,344 | ---- | M] (TouchUtility) -- C:\Program Files\TouchUtility\UTCService.exe
PRC - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe
PRC - [2010/03/12 01:22:10 | 000,050,480 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\dbextclr11.exe
PRC - [2010/02/08 14:45:04 | 000,061,440 | ---- | M] (Star Micronics Co., Ltd.) -- C:\Program Files\StarMicronics\TSP100\Software\20110922\Ondemand.exe
PRC - [2009/10/07 16:48:00 | 002,066,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/10/07 16:47:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/07/13 20:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2009/03/20 03:34:54 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2009/03/16 13:29:28 | 006,562,432 | ---- | M] () -- C:\Program Files\NVMS5 Standard Edition\data\bin\mysqld.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/05/11 09:29:26 | 000,286,720 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/23 16:31:14 | 000,372,736 | ---- | M] () -- C:\Users\Maintenance\AppData\Roaming\apsrlp.dll
MOD - [2013/02/13 03:32:09 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/13 03:28:09 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/13 03:28:08 | 010,580,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\31a8f96f8939ac18a867ee26cc37eda8\System.Design.ni.dll
MOD - [2013/02/13 03:28:03 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/13 03:28:02 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/13 03:27:53 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/13 03:27:44 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4976e150a5d096db3981d4d56dda5a8e\System.Deployment.ni.dll
MOD - [2013/01/10 03:31:24 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/10 03:30:56 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/01/10 03:28:52 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 03:28:39 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:28:38 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/10 03:28:38 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/10 03:28:37 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 03:28:29 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 03:28:12 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:28:10 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 03:28:10 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013/01/10 03:28:10 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/10 03:28:02 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 03:27:56 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:27:54 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:27:53 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:27:47 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/24 12:57:38 | 000,101,264 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\ReportBridge.DLL
MOD - [2012/10/24 12:57:32 | 000,126,352 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2012/10/24 12:57:30 | 000,020,880 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2012/10/24 12:57:28 | 000,070,032 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QB2WPFBridge.dll
MOD - [2012/10/24 12:57:22 | 000,093,072 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
MOD - [2012/10/24 12:57:22 | 000,070,544 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetBridge.DLL
MOD - [2012/10/24 12:57:22 | 000,042,384 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2012/10/24 12:57:18 | 000,057,744 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\htmlhelper.dll
MOD - [2012/10/24 12:57:10 | 000,268,688 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/10/24 12:57:10 | 000,176,528 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/10/24 12:57:08 | 000,348,048 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2012/10/24 09:57:44 | 000,098,192 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\Webification.DLL
MOD - [2012/10/22 15:57:36 | 000,072,992 | ---- | M] () -- C:\Program Files\CE\nmsvTree.dll
MOD - [2012/10/22 15:57:34 | 002,021,144 | ---- | M] () -- C:\Program Files\CE\nmSvc.dll
MOD - [2012/10/22 15:57:30 | 001,623,320 | ---- | M] () -- C:\Windows\System32\nmNsp.dll
MOD - [2012/10/22 15:57:24 | 000,177,944 | ---- | M] () -- C:\Windows\System32\CESpy.dll
MOD - [2012/10/22 15:57:18 | 001,533,240 | ---- | M] () -- C:\Program Files\CE\CovenantEyesHelper.exe
MOD - [2012/10/22 15:57:16 | 000,116,504 | ---- | M] () -- C:\Program Files\CE\zlib.dll
MOD - [2012/10/22 15:55:52 | 002,429,440 | ---- | M] () -- C:\Program Files\CE\CovenantEyes.exe
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2012/08/29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avutil-51.dll
MOD - [2012/08/29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avformat-54.dll
MOD - [2012/08/29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avcodec-54.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 15:52:17 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/04/20 13:42:40 | 000,476,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.PointOfService\1.12.0.0__31bf3856ad364e35\Microsoft.PointOfService.dll
MOD - [2012/01/18 01:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files\Common Files\logishrd\SharedBin\LvApi11.dll
MOD - [2011/11/11 13:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 13:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 13:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 13:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 13:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/07 03:57:46 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/29 15:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 15:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/05/05 21:50:14 | 000,077,824 | ---- | M] () -- C:\Program Files\TouchUtility\Utpapi.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/04/22 16:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 18:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 17:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 17:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 17:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 17:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 17:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 17:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 17:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 17:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 17:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\NVMS5 Standard Edition\bin\watch.exe -- (NVMS-SRV-WATCH)
SRV - File not found [Auto | Running] -- C:\Program Files\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg -- (NVMS-SRV-VTDU)
SRV - File not found [Auto | Running] -- C:\Program Files\NVMS5 Standard Edition\bin\nru.exe nru.cfg -- (NVMS-SRV-NRU)
SRV - File not found [Auto | Running] -- C:\Program Files\NVMS5 Standard Edition\bin\cms.exe cms.cfg -- (NVMS-SRV-CMS)
SRV - [2013/02/08 11:12:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/28 15:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2013/01/24 21:48:50 | 000,583,456 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/24 12:06:54 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/10/22 15:48:38 | 001,633,280 | ---- | M] () [Auto | Running] -- C:\Windows\System32\authServer.exe -- (Auth Service)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/05/24 15:45:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/16 20:06:42 | 004,608,656 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/03/05 15:06:17 | 000,609,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2012/01/25 07:47:04 | 008,176,640 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/29 03:00:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/11/09 10:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/10/20 13:50:10 | 000,249,856 | ---- | M] (STAR MICRONICS CO,.LTD) [On_Demand | Stopped] -- C:\Program Files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe -- (TcpEmulatorTSP100LAN)
SRV - [2011/10/20 13:47:30 | 000,143,360 | ---- | M] (Star Micronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe -- (PortEmulator)
SRV - [2011/09/26 06:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/11 16:02:16 | 001,230,224 | ---- | M] (Aldelo Systems Inc.) [Auto | Running] -- C:\Program Files\Aldelo\Aldelo For Restaurants\Aldelo For Restaurants POS\AFRService\Services\Aldelo.EDC.AFRService.exe -- (Aldelo EDC - AFR Service)
SRV - [2010/04/27 23:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2009/10/07 16:48:00 | 002,066,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/10/07 16:47:58 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:14:48 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2009/07/13 20:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2009/03/16 13:29:28 | 006,562,432 | ---- | M] () [Auto | Running] -- C:\Program Files\NVMS5 Standard Edition\data\bin\mysqld.exe -- (NVMS-SRV-DB)
SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/02/29 13:25:56 | 000,042,056 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe -- (POSPerformanceCounters)
SRV - [2007/05/15 12:11:38 | 000,114,688 | ---- | M] (Star Micronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\StarMicronics\VirtualPortEmulator\Software\portemu_umdf.exe -- (PortEmulatorV2)
SRV - [2007/05/11 09:29:26 | 000,286,720 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHost.exe -- (DpHost)


========== Driver Services (SafeList) ==========

DRV - [2013/02/26 18:44:21 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\judarpoo.sys -- (judarpoo)
DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 03:37:45 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/05/28 15:52:17 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/03/01 23:13:58 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2012/01/18 05:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 05:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 01:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2011/12/16 10:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/12/21 01:29:30 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/11/11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/11/11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/10/19 03:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/14 11:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/09/29 12:00:50 | 000,238,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/12/02 02:33:46 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/09/24 06:58:52 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/01/29 14:37:12 | 000,047,104 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbdpfp.sys -- (usbdpfp)
DRV - [2007/01/29 14:37:12 | 000,046,592 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dpK00701.sys -- (dpK00701)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {1632F2D5-EE99-4030-A3FB-DF5BD45BE2FB}
IE - HKLM\..\SearchScopes\{1632F2D5-EE99-4030-A3FB-DF5BD45BE2FB}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {18F8ECE8-7920-456E-A9BF-EF5FDAF44578}
IE - HKCU\..\SearchScopes\{18F8ECE8-7920-456E-A9BF-EF5FDAF44578}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\..\SearchScopes\{91DF218C-263C-4EC3-ABDB-C70E84275A85}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.8935
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maintenance\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maintenance\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/12 11:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/19 10:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/11 05:15:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/18 16:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/11 05:15:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/12 11:51:16 | 000,000,000 | ---D | M]

[2012/04/18 13:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Extensions
[2013/02/23 16:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions
[2012/11/30 16:10:31 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/01/18 11:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\staged
[2013/02/23 16:30:57 | 000,004,023 | ---- | M] () (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\{335dee82-3a10-4e20-89c6-33d3acc056c7}.xpi
[2013/01/18 11:17:31 | 000,002,545 | ---- | M] () -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\searchplugins\aol-search.xml
[2012/04/18 13:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Maintenance\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Maintenance\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maintenance\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX Web Player (Enabled) = C:\windows\system32\C2MP\npdivx32.dll
CHR - Extension: Angry Birds = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Bouncy Mouse = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: Google Search = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Number Bobble = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmbecganicdpgljmaepmegnnnccppeg\1.2_0\
CHR - Extension: Bubble Shooter -HD = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: Financial Calculator = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkogbjhaelililllocjljiooipepaeal\1.0.5_0\
CHR - Extension: Dino Kids Match = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcnbldkafmemeecgnakohnpahcecodd\1.0_0\
CHR - Extension: Star Supremacy = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\oibeommcpjkcjchbbjinijbgfinkmfpb\0.0.0.1_0\
CHR - Extension: Dice Risk = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\panobgnfkhiehjdillgchancaiimbmlh\13.4795.1906_0\
CHR - Extension: Gmail = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/05/24 17:45:02 | 000,001,539 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 erg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 erg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 http://www.adobeereg.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.225.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AldeloEDC] C:\Program Files\Aldelo\Aldelo EDC\Client\Aldelo.EDC.Client.exe (Aldelo Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [apsrlp] C:\Users\Maintenance\AppData\Roaming\apsrlp.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [brtuiz] C:\Users\Maintenance\AppData\Roaming\brtuiz.dll (TODO)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSVC] C:\Program Files\CE\CovenantEyes.exe ()
O4 - HKLM..\Run: [TSP100ecoOndemand] C:\Program Files\StarMicronics\TSP100\Software\20110922\Ondemand.exe (Star Micronics Co., Ltd.)
O4 - HKLM..\Run: [UTCService] C:\Program Files\TouchUtility\UTCService.exe (TouchUtility)
O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Maintenance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maintenance\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Maintenance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nmNsp.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} http://192.168.1.151:1024/EDVR.CAB (DVR4204 Client Control)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{313713F2-236A-4F11-B93E-F146A5211687}: NameServer = 24.25.5.60,24.25.5.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E56033B5-57A5-4D4B-88A2-01063C3D3276}: DhcpNameServer = 192.168.10.2 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBEC0AC8-A16C-445B-B8DE-6C204D38C056}: DhcpNameServer = 192.168.10.2 192.168.10.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/28 13:01:15 | 000,000,000 | ---D | M] - C:\AutoPDF -- [ NTFS ]
O33 - MountPoints2\{0dfe3626-1235-11e1-b56a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0dfe3626-1235-11e1-b56a-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 21:51:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maintenance\Desktop\OTL.exe
[2013/02/26 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Documents\spiritualgiftstest
[2013/02/23 16:30:48 | 000,523,264 | ---- | C] (TODO) -- C:\Users\Maintenance\AppData\Roaming\brtuiz.dll
[2013/02/21 20:04:27 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\backup stuff
[2013/02/21 18:58:31 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\disk 2
[2013/02/16 14:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/16 14:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/13 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013/02/13 16:07:38 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
[2013/02/13 14:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/02/08 16:53:48 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\AppData\Roaming\Malwarebytes
[2013/02/08 16:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/08 16:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/08 16:53:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/02/08 16:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/08 16:53:14 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\AppData\Local\Programs
[2013/01/30 13:14:39 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\DBBC
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Maintenance\Desktop\*.tmp files -> C:\Users\Maintenance\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/26 21:56:30 | 000,006,526 | ---- | M] () -- C:\Users\Maintenance\AppData\Local\335dee82-3a10-4e20-89c6-33d3acc056c7.crx
[2013/02/26 21:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maintenance\Desktop\OTL.exe
[2013/02/26 21:37:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/26 21:12:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/26 21:04:00 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1827283670-394599797-786390170-1001UA.job
[2013/02/26 18:04:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1827283670-394599797-786390170-1001Core.job
[2013/02/26 15:37:02 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 13:58:57 | 000,057,606 | ---- | M] () -- C:\Users\Maintenance\Desktop\photo.JPG
[2013/02/25 13:42:00 | 000,094,214 | ---- | M] () -- C:\Users\Maintenance\Desktop\Protradesmenservies.pdf
[2013/02/25 13:13:31 | 000,618,147 | ---- | M] () -- C:\Users\Maintenance\Desktop\simplexcontract0001.pdf
[2013/02/25 13:13:17 | 000,178,363 | ---- | M] () -- C:\Users\Maintenance\Desktop\Simplex Grinnell Contract Fire Suppression.pdf
[2013/02/23 16:31:14 | 000,372,736 | ---- | M] () -- C:\Users\Maintenance\AppData\Roaming\apsrlp.dll
[2013/02/23 16:30:50 | 000,523,264 | ---- | M] (TODO) -- C:\Users\Maintenance\AppData\Roaming\brtuiz.dll
[2013/02/22 20:06:09 | 000,002,404 | ---- | M] () -- C:\Users\Maintenance\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/21 18:34:34 | 075,796,480 | ---- | M] () -- C:\Users\Maintenance\Desktop\Dinos Backup.mdb
[2013/02/14 11:36:36 | 000,021,268 | ---- | M] () -- C:\Users\Maintenance\Desktop\Intuit.pdf
[2013/02/14 03:41:46 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/14 03:41:46 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 13:12:40 | 000,000,090 | ---- | M] () -- C:\windows\QBChanUtil_Trigger.ini
[2013/02/13 03:26:24 | 002,381,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/02/13 03:26:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/13 03:01:43 | 000,736,730 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/02/13 03:01:43 | 000,146,058 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/02/12 15:49:36 | 000,001,947 | ---- | M] () -- C:\Users\Maintenance\Desktop\Kindle.lnk
[2013/02/12 15:28:42 | 000,001,989 | ---- | M] () -- C:\Users\Maintenance\Application Data\Microsoft\Internet Explorer\Quick Launch\Kindle.lnk
[2013/02/08 20:15:48 | 152,437,944 | ---- | M] () -- C:\Users\Maintenance\Desktop\tempmenu.pdf
[2013/02/08 20:13:32 | 152,707,496 | ---- | M] () -- C:\Users\Maintenance\Desktop\tempmenu.ai
[2013/02/08 14:54:52 | 000,001,063 | ---- | M] () -- C:\Users\Maintenance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[10 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Maintenance\Desktop\*.tmp files -> C:\Users\Maintenance\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/25 15:27:45 | 000,006,526 | ---- | C] () -- C:\Users\Maintenance\AppData\Local\335dee82-3a10-4e20-89c6-33d3acc056c7.crx
[2013/02/25 13:58:57 | 000,057,606 | ---- | C] () -- C:\Users\Maintenance\Desktop\photo.JPG
[2013/02/25 13:42:00 | 000,094,214 | ---- | C] () -- C:\Users\Maintenance\Desktop\Protradesmenservies.pdf
[2013/02/25 13:13:31 | 000,618,147 | ---- | C] () -- C:\Users\Maintenance\Desktop\simplexcontract0001.pdf
[2013/02/25 13:13:17 | 000,178,363 | ---- | C] () -- C:\Users\Maintenance\Desktop\Simplex Grinnell Contract Fire Suppression.pdf
[2013/02/23 16:31:13 | 000,372,736 | ---- | C] () -- C:\Users\Maintenance\AppData\Roaming\apsrlp.dll
[2013/02/23 16:30:54 | 000,160,256 | ---- | C] () -- C:\Users\Maintenance\7195145.exe
[2013/02/14 11:36:36 | 000,021,268 | ---- | C] () -- C:\Users\Maintenance\Desktop\Intuit.pdf
[2013/02/12 15:49:36 | 000,001,947 | ---- | C] () -- C:\Users\Maintenance\Desktop\Kindle.lnk
[2013/02/12 15:28:42 | 000,001,989 | ---- | C] () -- C:\Users\Maintenance\Application Data\Microsoft\Internet Explorer\Quick Launch\Kindle.lnk
[2013/02/08 20:15:38 | 152,437,944 | ---- | C] () -- C:\Users\Maintenance\Desktop\tempmenu.pdf
[2013/02/08 20:13:29 | 152,707,496 | ---- | C] () -- C:\Users\Maintenance\Desktop\tempmenu.ai
[2013/02/08 14:56:52 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/01/18 13:36:39 | 000,004,096 | -H-- | C] () -- C:\Users\Maintenance\AppData\Local\keyfile3.drm
[2012/11/21 19:55:54 | 000,000,202 | ---- | C] () -- C:\windows\DxClient.INI
[2012/11/05 10:35:05 | 001,623,320 | ---- | C] () -- C:\windows\System32\nmNsp.dll
[2012/11/05 10:35:05 | 000,177,944 | ---- | C] () -- C:\windows\System32\CESpy.dll
[2012/09/05 12:59:36 | 000,001,251 | ---- | C] () -- C:\Users\Maintenance\Favorites - Shortcut.lnk
[2012/07/30 14:05:11 | 001,633,280 | ---- | C] () -- C:\windows\System32\authServer.exe
[2012/03/12 11:46:57 | 000,221,509 | ---- | C] () -- C:\windows\hpoins19.dat
[2012/03/12 11:46:57 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2012/03/08 19:12:41 | 000,000,090 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2012/03/05 15:06:07 | 000,110,456 | ---- | C] () -- C:\Users\Maintenance\g2ax_customer_downloadhelper_win32_x86.exe
[2012/02/28 15:16:17 | 000,000,193 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2012/02/28 15:16:17 | 000,000,063 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2012/02/28 15:16:17 | 000,000,044 | ---- | C] () -- C:\ProgramData\Logo_Language.ini
[2012/01/31 14:34:23 | 000,000,017 | ---- | C] () -- C:\Users\Maintenance\AppData\Local\resmon.resmoncfg
[2012/01/31 13:16:22 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2012/01/18 05:22:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2012/01/09 15:36:37 | 000,000,000 | ---- | C] () -- C:\Users\Maintenance\timedate.cpl
[2012/01/06 12:49:55 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2012/01/06 12:46:40 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2012/01/06 12:46:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2012/01/06 12:46:38 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2012/01/06 12:46:37 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2011/12/07 12:41:17 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/12/07 12:38:01 | 000,000,666 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/29 14:47:52 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/11/18 18:28:08 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
[2011/11/18 18:28:08 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2011/11/18 18:28:08 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/11/18 16:08:38 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2011/11/18 16:07:13 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2011/10/21 17:23:10 | 000,217,536 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2011/10/21 17:22:54 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll
[2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll
[2011/10/21 16:52:06 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\windows\System32\ractrlkeyhook.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/05 10:32:42 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\CE
[2013/02/13 11:06:44 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\Dropbox
[2011/12/07 17:04:21 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\IObit
[2013/02/26 18:34:56 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\KeeperData
[2012/03/12 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\Leadertech
[2011/12/07 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\pdfforge
[2012/03/05 13:09:19 | 000,000,000 | ---D | M] -- C:\Users\Maintenance\AppData\Roaming\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 490 bytes -> C:\windows\System32\drivers\judarpoo.sys:changelist

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello adjc98

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
adjc98

adjc98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok here are the three reports: I was not physically at my desk to remove a thumb drive I had left there so I right clicked on the eject button to eject the thumb drive. It said it was safe to remove hardware. I don't know if that throws anything off.

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.5.502.149
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


# AdwCleaner v2.113 - Logfile created 02/26/2013 at 23:01:46
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Maintenance - STATION1
# Boot Mode : Normal
# Running from : C:\Users\Maintenance\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Users\Maintenance\AppData\Local\APN
Folder Deleted : C:\Users\Maintenance\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\staged
Folder Deleted : C:\Users\Maintenance\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Point of Sale\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\Point of Sale\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\prefs.js

C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;w[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{8A25D4CA-1113-3848-1B9D-8344A476591B}");
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.8935");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "18");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "0");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "18");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "1");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1358525848557");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "18-01-2013");
Deleted : user_pref("aol_toolbar.search.instd", "20121130161120354");
Deleted : user_pref("aol_toolbar.search.oid", "18-01-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "3");
Deleted : user_pref("aol_toolbar.surf.lastDate", "18");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "0");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "3");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "3");
Deleted : user_pref("aol_toolbar.surf.week", "3");
Deleted : user_pref("aol_toolbar.surf.year", "3");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.weather.degc", "-3");
Deleted : user_pref("aol_toolbar.weather.degf", "27");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/28.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Cloudy");
Deleted : user_pref("aol_toolbar.weather.update", "1358525849271");

File : C:\Users\Point of Sale\AppData\Roaming\Mozilla\Firefox\Profiles\gcwk0vpx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7020 octets] - [26/02/2013 23:01:46]

########## EOF - C:\AdwCleaner[S1].txt - [7080 octets] ##########

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Maintenance [Admin rights]
Mode : Remove -- Date : 02/26/2013 23:21:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Maintenance\AppData\Roaming\brtuiz.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Maintenance\AppData\Roaming\apsrlp.dll [x] -> KILLED [TermProc]
[SUSP PATH] LULnchr.exe -- C:\Users\Maintenance\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe [7] -> KILLED [TermProc]
[SUSP PATH] LogitechUpdate.exe -- C:\Users\Maintenance\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 21 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : brtuiz ("C:\Windows\System32\rundll32.exe" "C:\Users\Maintenance\AppData\Roaming\brtuiz.dll",Int_Type) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : apsrlp ("C:\Windows\System32\rundll32.exe" "C:\Users\Maintenance\AppData\Roaming\apsrlp.dll",write_info) [7] -> DELETED
[TASK][SUSP PATH] {3C36A341-04E4-435F-9F1D-EE31E5E459B8} : C:\Users\Maintenance\Desktop\Adobe CS4 Master Collection2\Setup.exe [x] -> DELETED
[TASK][SUSP PATH] {5436C8C9-9AF5-4344-B2E6-BF59E83B726E} : C:\Users\Maintenance\Desktop\Adobe CS4 Master Collection2\Setup.exe [x] -> DELETED
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [x] -> DELETED
[TASK][SUSP PATH] {C575D34F-B6B1-467E-ACE7-BFB9AD20B4FD} : C:\Users\Maintenance\Desktop\Adobe CS4 Master Collection2\Setup.exe [x] -> DELETED
[TASK][SUSP PATH] {DE72D6BF-D7DA-4BED-A106-48FF6B43786C} : C:\Users\Maintenance\Desktop\Adobe CS4 Master Collection2\Setup.exe [x] -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{313713F2-236A-4F11-B93E-F146A5211687} : NameServer (24.25.5.60,24.25.5.61) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{313713F2-236A-4F11-B93E-F146A5211687} : NameServer (24.25.5.60,24.25.5.61) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 erg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 erg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 hxxp://www.adobeereg.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.225.91
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-083CA1 ATA Device +++++
--- User ---
[MBR] cf05b6453464240eceb39e68542edf96
[BSP] 453b35b4217ece4de0d1c2b4d06e5f16 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 225000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461416448 | Size: 13173 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Officejet 7410 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_02262013_02d2321.txt >>
RKreport[1]_S_02262013_02d2318.txt ; RKreport[2]_D_02262013_02d2321.txt
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello adjc98

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
adjc98

adjc98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Here is the Combofix Log

Some of my normal programs are no longer starting up at the begining of restart after running combofix. Microsoft essentials isn't freaking out anymore finding a virus every two minutes.


ComboFix 13-02-26.01 - Maintenance 02/27/2013 11:05:04.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2922.1527 [GMT -5:00]
Running from: c:\users\Maintenance\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Maintenance\AppData\Roaming\apsrlp.dll
c:\users\Maintenance\AppData\Roaming\brtuiz.dll
c:\users\Maintenance\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\system32\SET30A0.tmp
c:\windows\system32\SET30B2.tmp
c:\windows\system32\SET3144.tmp
c:\windows\system32\SET3155.tmp
c:\windows\system32\SET327F.tmp
c:\windows\system32\SET3280.tmp
c:\windows\system32\SET34AA.tmp
c:\windows\system32\SET353C.tmp
c:\windows\system32\SET41A3.tmp
c:\windows\system32\SETB213.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 16:13 . 2013-02-27 16:14 -------- d-----w- c:\users\Maintenance\AppData\Local\temp
2013-02-27 16:13 . 2013-02-27 16:13 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2013-02-27 16:13 . 2013-02-27 16:13 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
2013-02-27 16:13 . 2013-02-27 16:13 -------- d-----w- c:\users\POS Nation Tech\AppData\Local\temp
2013-02-27 16:13 . 2013-02-27 16:13 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-27 16:13 . 2013-02-27 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-27 16:13 . 2013-02-27 16:13 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-02-27 15:46 . 2013-02-27 15:47 -------- d-----w- c:\users\Maintenance\AppData\Local\VirtualStore
2013-02-27 08:04 . 2013-02-27 08:29 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D8B1FC0-489B-4B1E-A9BF-4248AF1720F3}\offreg.dll
2013-02-27 07:22 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D8B1FC0-489B-4B1E-A9BF-4248AF1720F3}\mpengine.dll
2013-02-26 08:37 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-16 19:05 . 2013-02-16 19:05 -------- d-----w- c:\program files\Common Files\Skype
2013-02-13 21:12 . 2013-02-13 21:12 -------- d-----w- c:\programdata\Splashtop
2013-02-13 21:07 . 2013-02-13 21:07 -------- d-----w- c:\users\Maintenance\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
2013-02-13 14:19 . 2013-02-13 14:19 102008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-02-13 04:00 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 03:59 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 03:59 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 03:59 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 03:59 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 03:59 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-08 21:53 . 2013-02-08 21:53 -------- d-----w- c:\users\Maintenance\AppData\Roaming\Malwarebytes
2013-02-08 21:53 . 2013-02-08 21:53 -------- d-----w- c:\programdata\Malwarebytes
2013-02-08 21:53 . 2013-02-08 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-08 21:53 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-08 21:53 . 2013-02-08 21:53 -------- d-----w- c:\users\Maintenance\AppData\Local\Programs
2013-02-08 19:44 . 2013-02-08 19:44 -------- d-----w- c:\users\Point of Sale\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 11:12 . 2012-05-24 21:58 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 11:12 . 2012-05-24 21:58 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 11:12 . 2012-08-03 01:12 16473456 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-30 10:53 . 2011-11-28 15:01 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 20:59 . 2013-01-20 20:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2011-04-27 20:25 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-12-16 14:13 . 2012-12-21 08:00 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 11:00 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 11:00 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 11:00 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 11:00 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 11:00 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 11:00 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 11:00 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 11:00 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 11:00 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 11:00 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 11:00 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 11:00 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 11:00 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 11:00 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 11:00 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 11:00 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 11:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 11:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 11:01 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 11:01 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 11:01 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 11:01 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 11:01 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-07-11 07:17 . 2012-07-11 07:17 4024320 ----a-w- c:\program files\GUT70D8.tmp
2012-03-13 04:39 . 2012-04-18 18:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-03-17 01:06 1008784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-03-17 01:06 1008784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-03-17 01:06 1008784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Maintenance\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Maintenance\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Maintenance\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Maintenance\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-09 9914984]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-12-03 112152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"UTCService"="c:\program files\TouchUtility\UTCService.exe" [2010-05-06 57344]
"TSP100ecoOndemand"="c:\program files\StarMicronics\TSP100\Software\20110922\Ondemand.exe" [2010-02-08 61440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 176408]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-08 2643320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-03-17 1059984]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"AldeloEDC"="c:\program files\Aldelo\Aldelo EDC\Client\Aldelo.EDC.Client.exe" [2010-06-16 16563592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NMSVC"="c:\program files\CE\CovenantEyes.exe" [2012-10-22 2429440]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Maintenance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Maintenance\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-1-29 1078624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-10-15 6153080]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-10-24 1157008]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2012-10-24 1179024]
startedc.bat [2011-11-1 375]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-03-05 20:06 608632 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Aldelo EDC - AFR Service;Aldelo EDC - AFR Service;c:\program files\Aldelo\Aldelo For Restaurants\Aldelo For Restaurants POS\AFRService\Services\Aldelo.EDC.AFRService.exe [x]
R2 Auth Service;Auth Service;c:\windows\system32\authServer.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 dpK00701;U.are.U® Fingerprint Reader Upper Driver;c:\windows\system32\DRIVERS\dpK00701.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe Start=service [x]
R3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe [x]
R3 PortEmulatorV2;Port Emulator V2 (Star);c:\program files\StarMicronics\VirtualPortEmulator\Software\portemu_umdf.exe [x]
R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [x]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TcpEmulatorTSP100LAN;TCP Port Emulator (TSP100);c:\program files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 usbdpfp;U.are.U® Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 NVMS-SRV-WATCH;NVMS-SRV-WATCH;c:\program files\NVMS5 Standard Edition\bin\watch.exe [x]
R4 POSPerformanceCounters;Point Of Service Performance Counters;c:\program files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RapportCerberus_50414;RapportCerberus_50414;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MSSQL$ALDELO;SQL Server (ALDELO);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [x]
S2 NVMS-SRV-CMS;NVMS-SRV-CMS;c:\program files\NVMS5 Standard Edition\bin\cms.exe cms.cfg [x]
S2 NVMS-SRV-DB;NVMS-SRV-DB;c:\program files\NVMS5 Standard Edition\data\bin\mysqld.exe [x]
S2 NVMS-SRV-NRU;NVMS-SRV-NRU;c:\program files\NVMS5 Standard Edition\bin\nru.exe nru.cfg [x]
S2 NVMS-SRV-VTDU;NVMS-SRV-VTDU;c:\program files\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg [x]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 11:12]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-14 19:03]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-14 19:03]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827283670-394599797-786390170-1001Core.job
- c:\users\Maintenance\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 16:46]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827283670-394599797-786390170-1001UA.job
- c:\users\Maintenance\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-24 16:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4 - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
LSP: CESpy.dll
TCP: Interfaces\{313713F2-236A-4F11-B93E-F146A5211687}: NameServer = 24.25.5.60,24.25.5.61
DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.151:1024/EDVR.CAB
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2012-03-12 12:51; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-02-26 23:08; {335dee82-3a10-4e20-89c6-33d3acc056c7}; c:\users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\{335dee82-3a10-4e20-89c6-33d3acc056c7}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
@=""
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(560)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2013-02-27 11:16:54
ComboFix-quarantined-files.txt 2013-02-27 16:16
.
Pre-Run: 161,947,529,216 bytes free
Post-Run: 165,802,700,800 bytes free
.
- - End Of File - - 63BA2FE76CD8F4CB1EED1717D38DCB92
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello adjc98

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#8
adjc98

adjc98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello,

When I ran combofix the first time stopped my credit card machine from working during our lunch hour. It turned out that it had closed port 80 on my edc for the credit card software running on my computer we are working on.(It could have coincidentally been a windows update as well) So I have been waiting for a time when we are slow. It also cleared my host file of some sites I had redirected. Is there anyway to keep combofix from clearing the host file? Should I go ahead and proceed?
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello adjc98

lets run this instead - it is more work for me but I will have more control

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

Advertisements


#11
adjc98

adjc98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes, Thank you. I need some more time. I am shooting to run OTL on the 12th of march.
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Thanks for letting me know



Note:: will be back 3-12-13
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#14
adjc98

adjc98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok, I am about to run otl now. Sorry, I had been busy.
  • 0

#15
adjc98

adjc98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok here is the otl.txt file:

OTL logfile created on: 3/14/2013 11:51:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maintenance\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.85 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 32.54% Memory free
8.71 Gb Paging File | 5.22 Gb Available in Paging File | 59.86% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 153.16 Gb Free Space | 69.70% Space Free | Partition Type: NTFS
Drive D: | 12.86 Gb Total Space | 1.75 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive E: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STATION1 | User Name: Maintenance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Maintenance\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Users\Maintenance\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\CE\CovenantEyesHelper.exe ()
PRC - C:\Program Files\CE\CovenantEyes.exe ()
PRC - C:\Windows\System32\authServer.exe ()
PRC - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\NVMS5 Standard Edition\bin\cms.exe ()
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\rdpclip.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Aldelo\Aldelo For Restaurants\Aldelo For Restaurants POS\AFR38.exe (Aldelo Systems Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\NVMS5 Standard Edition\data\bin\mysqld.exe ()
PRC - C:\Program Files\DigitalPersona\Bin\DpHost.exe (DigitalPersona, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\aldeloedc\5d4d8e3c\36a4e95a\App_global.asax.a9a-cluj.dll ()
MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\82f824a2f384011c6eda2095e3c2d3fa\System.Web.Mobile.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da7aa5e0d3171b2b40be34989e83a55f\System.Web.Extensions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\7a64243fd351a567a3ac02755837076e\System.Web.Abstractions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\5cf7fcba96db2ec632eda5e52fc373da\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a45209750b0ac26fe628a4f61a27ac6c\Microsoft.JScript.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\86b380f90898ffde6d4d725f1898e3ed\System.Web.RegularExpressions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\ReportBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\QB2WPFBridge.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetInterop.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\htmlhelper.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\Webification.DLL ()
MOD - C:\Program Files\CE\nmsvTree.dll ()
MOD - C:\Program Files\CE\nmSvc.dll ()
MOD - C:\Windows\System32\nmNsp.dll ()
MOD - C:\Windows\System32\CESpy.dll ()
MOD - C:\Program Files\CE\CovenantEyesHelper.exe ()
MOD - C:\Program Files\CE\zlib.dll ()
MOD - C:\Program Files\CE\CovenantEyes.exe ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Common Files\logishrd\SharedBin\LvApi11.dll ()
MOD - C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files\Logitech\Vid HD\SDL.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll ()


========== Services (SafeList) ==========

SRV - (NVMS-SRV-WATCH) -- C:\Program Files\NVMS5 Standard Edition\bin\watch.exe File not found
SRV - (NVMS-SRV-VTDU) -- C:\Program Files\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg File not found
SRV - (NVMS-SRV-NRU) -- C:\Program Files\NVMS5 Standard Edition\bin\nru.exe nru.cfg File not found
SRV - (NVMS-SRV-CMS) -- C:\Program Files\NVMS5 Standard Edition\bin\cms.exe cms.cfg File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SplashtopRemoteService) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SSUService) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Auth Service) -- C:\Windows\System32\authServer.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (GoToAssist Express Customer) -- C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe ()
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (TcpEmulatorTSP100LAN) -- C:\Program Files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe (STAR MICRONICS CO,.LTD)
SRV - (PortEmulator) -- C:\Program Files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe (Star Micronics Co., Ltd.)
SRV - (wampapache) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe (Apache Software Foundation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Aldelo EDC - AFR Service) -- C:\Program Files\Aldelo\Aldelo For Restaurants\Aldelo For Restaurants POS\AFRService\Services\Aldelo.EDC.AFRService.exe (Aldelo Systems Inc.)
SRV - (QuickBooksDB21) -- C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe (Intuit, Inc.)
SRV - (UNS) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMSVC) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (NVMS-SRV-DB) -- C:\Program Files\NVMS5 Standard Edition\data\bin\mysqld.exe ()
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (POSPerformanceCounters) -- C:\Program Files\Microsoft Point Of Service\Microsoft.PointOfService.Service.exe (Microsoft Corporation)
SRV - (PortEmulatorV2) -- C:\Program Files\StarMicronics\VirtualPortEmulator\Software\portemu_umdf.exe (Star Micronics Co., Ltd.)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHost.exe (DigitalPersona, Inc.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\MAINTE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\windows\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RapportIaso) -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportCerberus_50414) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (e1cexpress) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdserd) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (usbdpfp) -- C:\Windows\System32\drivers\usbdpfp.sys (DigitalPersona, Inc.)
DRV - (dpK00701) -- C:\Windows\System32\drivers\dpK00701.sys (DigitalPersona, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{1632F2D5-EE99-4030-A3FB-DF5BD45BE2FB}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\SearchScopes,DefaultScope = {18F8ECE8-7920-456E-A9BF-EF5FDAF44578}
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\SearchScopes\{18F8ECE8-7920-456E-A9BF-EF5FDAF44578}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\SearchScopes\{91DF218C-263C-4EC3-ABDB-C70E84275A85}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1827283670-394599797-786390170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1827283670-394599797-786390170-1009\..\SearchScopes,DefaultScope =


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.co...rud=27-02-2013"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaolp00000023"
FF - prefs.js..extensions.enabledAddons: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.8935
FF - prefs.js..extensions.enabledAddons: {335dee82-3a10-4e20-89c6-33d3acc056c7}:3.0.1
FF - prefs.js..keyword.URL: "http://slirsredirect...=27-02-2013&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maintenance\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maintenance\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/12 12:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/01 22:00:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/11 06:15:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/18 17:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/11 06:15:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/12 12:51:16 | 000,000,000 | ---D | M]

[2012/04/18 14:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Extensions
[2013/02/27 00:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions
[2012/11/30 17:10:31 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/02/27 00:09:32 | 000,004,023 | ---- | M] () (No name found) -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\extensions\{335dee82-3a10-4e20-89c6-33d3acc056c7}.xpi
[2013/02/27 13:23:28 | 000,002,545 | ---- | M] () -- C:\Users\Maintenance\AppData\Roaming\Mozilla\Firefox\Profiles\atv67b2n.default\searchplugins\aol-search.xml
[2012/04/18 14:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Maintenance\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Maintenance\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maintenance\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX Web Player (Enabled) = C:\windows\system32\C2MP\npdivx32.dll
CHR - Extension: Angry Birds = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Bouncy Mouse = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: Google Search = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Number Bobble = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnmbecganicdpgljmaepmegnnnccppeg\1.2_0\
CHR - Extension: Bubble Shooter -HD = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: Financial Calculator = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkogbjhaelililllocjljiooipepaeal\1.0.5_0\
CHR - Extension: Dino Kids Match = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcnbldkafmemeecgnakohnpahcecodd\1.0_0\
CHR - Extension: Star Supremacy = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\oibeommcpjkcjchbbjinijbgfinkmfpb\0.0.0.1_0\
CHR - Extension: Dice Risk = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\panobgnfkhiehjdillgchancaiimbmlh\13.4795.1906_0\
CHR - Extension: Gmail = C:\Users\Maintenance\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/28 23:22:35 | 000,000,437 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AldeloEDC] C:\Program Files\Aldelo\Aldelo EDC\Client\Aldelo.EDC.Client.exe (Aldelo Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSVC] C:\Program Files\CE\CovenantEyes.exe ()
O4 - HKLM..\Run: [TSP100ecoOndemand] C:\Program Files\StarMicronics\TSP100\Software\20110922\Ondemand.exe (Star Micronics Co., Ltd.)
O4 - HKLM..\Run: [UTCService] C:\Program Files\TouchUtility\UTCService.exe (TouchUtility)
O4 - HKU\S-1-5-21-1827283670-394599797-786390170-1001..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1827283670-394599797-786390170-1009..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1827283670-394599797-786390170-1009..\RunOnce: [] File not found
O4 - HKU\S-1-5-21-1827283670-394599797-786390170-1009..\RunOnce: [Lenovoautoqdrive] C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe ()
O4 - HKU\S-1-5-21-1827283670-394599797-786390170-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [] File not found
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [Lenovoautoqdrive] C:\Program Files\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe ()
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Maintenance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maintenance\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Maintenance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1827283670-394599797-786390170-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1827283670-394599797-786390170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1827283670-394599797-786390170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1827283670-394599797-786390170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1827283670-394599797-786390170-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\nmNsp.dll File not found
O15 - HKU\S-1-5-21-1827283670-394599797-786390170-1001\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} http://192.168.1.151:1024/EDVR.CAB (DVR4204 Client Control)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenov...AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{313713F2-236A-4F11-B93E-F146A5211687}: NameServer = 24.25.5.60,24.25.5.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E56033B5-57A5-4D4B-88A2-01063C3D3276}: DhcpNameServer = 192.168.10.2 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBEC0AC8-A16C-445B-B8DE-6C204D38C056}: DhcpNameServer = 192.168.10.2 192.168.10.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Express Customer\363\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/28 14:01:15 | 000,000,000 | ---D | M] - C:\AutoPDF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/14 23:38:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maintenance\Desktop\OTL.exe
[2013/03/14 03:00:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/03/14 03:00:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/03/14 03:00:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/03/14 03:00:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/03/14 03:00:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/03/14 03:00:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/03/14 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/03/14 03:00:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/03/02 16:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/02/27 12:16:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/27 12:13:25 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\AppData\Local\temp
[2013/02/27 12:02:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/02/27 12:02:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/02/27 12:02:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/02/27 12:02:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/27 12:02:19 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/02/27 11:53:01 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Maintenance\Desktop\ComboFix.exe
[2013/02/27 11:46:42 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\AppData\Local\VirtualStore
[2013/02/27 04:00:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013/02/27 04:00:19 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013/02/27 04:00:15 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013/02/27 04:00:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 04:00:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 04:00:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 04:00:14 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013/02/27 04:00:14 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013/02/27 04:00:14 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013/02/27 04:00:14 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013/02/27 04:00:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013/02/27 04:00:14 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013/02/27 04:00:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013/02/27 04:00:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 04:00:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 04:00:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 04:00:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 04:00:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 04:00:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 04:00:13 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/02/27 04:00:13 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/02/27 04:00:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013/02/27 04:00:13 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013/02/27 04:00:13 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013/02/27 04:00:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013/02/27 00:15:55 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\RK_Quarantine
[2013/02/27 00:00:55 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\posts
[2013/02/26 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Documents\spiritualgiftstest
[2013/02/21 21:04:27 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\backup stuff
[2013/02/21 19:58:31 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\Desktop\disk 2
[2013/02/16 15:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/16 15:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/13 17:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013/02/13 17:07:38 | 000,000,000 | ---D | C] -- C:\Users\Maintenance\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
[2013/02/13 10:19:12 | 000,102,008 | ---- | C] (Trusteer Ltd.) -- C:\windows\System32\drivers\RapportKELL.sys
[2013/02/13 00:00:01 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/02/12 23:59:48 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/02/12 23:59:47 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/02/12 23:59:46 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2013/02/12 23:59:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Maintenance\Desktop\*.tmp files -> C:\Users\Maintenance\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/14 23:38:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maintenance\Desktop\OTL.exe
[2013/03/14 23:37:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/14 23:12:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/14 23:04:01 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1827283670-394599797-786390170-1001UA.job
[2013/03/14 21:42:32 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 21:42:32 | 000,016,976 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/14 18:04:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1827283670-394599797-786390170-1001Core.job
[2013/03/14 15:37:01 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/14 10:50:15 | 000,736,730 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/03/14 10:50:15 | 000,146,058 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/03/14 10:42:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/14 10:34:17 | 000,001,278 | ---- | M] () -- C:\Users\Maintenance\Desktop\IIS Manager.lnk
[2013/03/13 01:06:07 | 000,002,404 | ---- | M] () -- C:\Users\Maintenance\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/12 23:42:54 | 020,788,327 | ---- | M] () -- C:\Users\Maintenance\Desktop\testai.ai
[2013/03/12 21:12:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/03/12 21:12:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/03/09 17:08:35 | 000,469,199 | ---- | M] () -- C:\Users\Maintenance\Desktop\testmenu.pdf
[2013/03/09 11:59:44 | 078,450,688 | ---- | M] () -- C:\Users\Maintenance\Desktop\Dinos Backup.mdb
[2013/03/02 14:16:04 | 000,017,851 | ---- | M] () -- C:\Users\Maintenance\Desktop\Vassilska.pdf
[2013/03/01 23:01:27 | 000,007,118 | ---- | M] () -- C:\Users\Maintenance\Desktop\Aldelo For Restaurants.pdf
[2013/03/01 22:00:24 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/02/28 23:22:35 | 000,000,437 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/02/28 23:22:35 | 000,000,437 | ---- | M] () -- C:\Users\Maintenance\Desktop\hosts
[2013/02/28 21:14:58 | 000,531,615 | ---- | M] () -- C:\Users\Maintenance\Desktop\869-Sample-Clerical-Skills-Math-Test.pdf
[2013/02/28 04:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2013/02/28 04:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2013/02/28 04:36:37 | 000,163,784 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/02/28 04:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2013/02/28 04:36:36 | 000,049,320 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/02/28 04:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2013/02/28 04:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/02/28 04:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2013/02/27 11:53:02 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Maintenance\Desktop\ComboFix.exe
[2013/02/27 04:03:05 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/27 00:13:15 | 000,816,640 | ---- | M] () -- C:\Users\Maintenance\Desktop\RogueKiller.exe
[2013/02/27 00:08:45 | 000,006,526 | ---- | M] () -- C:\Users\Maintenance\AppData\Local\335dee82-3a10-4e20-89c6-33d3acc056c7.crx
[2013/02/27 00:01:30 | 000,594,019 | ---- | M] () -- C:\Users\Maintenance\Desktop\adwcleaner.exe
[2013/02/26 23:53:35 | 000,881,950 | ---- | M] () -- C:\Users\Maintenance\Desktop\SecurityCheck.exe
[2013/02/25 14:58:57 | 000,057,606 | ---- | M] () -- C:\Users\Maintenance\Desktop\photo.JPG
[2013/02/25 14:42:00 | 000,094,214 | ---- | M] () -- C:\Users\Maintenance\Desktop\Protradesmenservies.pdf
[2013/02/25 14:13:31 | 000,618,147 | ---- | M] () -- C:\Users\Maintenance\Desktop\simplexcontract0001.pdf
[2013/02/25 14:13:17 | 000,178,363 | ---- | M] () -- C:\Users\Maintenance\Desktop\Simplex Grinnell Contract Fire Suppression.pdf
[2013/02/14 12:36:36 | 000,021,268 | ---- | M] () -- C:\Users\Maintenance\Desktop\Intuit.pdf
[2013/02/13 14:12:40 | 000,000,090 | ---- | M] () -- C:\windows\QBChanUtil_Trigger.ini
[2013/02/13 10:19:12 | 000,102,008 | ---- | M] (Trusteer Ltd.) -- C:\windows\System32\drivers\RapportKELL.sys
[2013/02/13 04:26:24 | 002,381,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Maintenance\Desktop\*.tmp files -> C:\Users\Maintenance\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/14 10:34:17 | 000,001,278 | ---- | C] () -- C:\Users\Maintenance\Desktop\IIS Manager.lnk
[2013/03/12 23:42:54 | 020,788,327 | ---- | C] () -- C:\Users\Maintenance\Desktop\testai.ai
[2013/03/09 17:08:35 | 000,469,199 | ---- | C] () -- C:\Users\Maintenance\Desktop\testmenu.pdf
[2013/03/02 14:16:04 | 000,017,851 | ---- | C] () -- C:\Users\Maintenance\Desktop\Vassilska.pdf
[2013/03/01 23:01:27 | 000,007,118 | ---- | C] () -- C:\Users\Maintenance\Desktop\Aldelo For Restaurants.pdf
[2013/03/01 22:00:26 | 000,163,784 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/03/01 22:00:25 | 000,049,320 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/02/28 21:31:05 | 000,000,437 | ---- | C] () -- C:\Users\Maintenance\Desktop\hosts
[2013/02/28 21:14:57 | 000,531,615 | ---- | C] () -- C:\Users\Maintenance\Desktop\869-Sample-Clerical-Skills-Math-Test.pdf
[2013/02/27 12:02:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/02/27 12:02:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/02/27 12:02:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/02/27 12:02:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/02/27 12:02:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/02/27 00:13:14 | 000,816,640 | ---- | C] () -- C:\Users\Maintenance\Desktop\RogueKiller.exe
[2013/02/26 23:56:06 | 000,594,019 | ---- | C] () -- C:\Users\Maintenance\Desktop\adwcleaner.exe
[2013/02/26 23:53:09 | 000,881,950 | ---- | C] () -- C:\Users\Maintenance\Desktop\SecurityCheck.exe
[2013/02/25 16:27:45 | 000,006,526 | ---- | C] () -- C:\Users\Maintenance\AppData\Local\335dee82-3a10-4e20-89c6-33d3acc056c7.crx
[2013/02/25 14:58:57 | 000,057,606 | ---- | C] () -- C:\Users\Maintenance\Desktop\photo.JPG
[2013/02/25 14:42:00 | 000,094,214 | ---- | C] () -- C:\Users\Maintenance\Desktop\Protradesmenservies.pdf
[2013/02/25 14:13:31 | 000,618,147 | ---- | C] () -- C:\Users\Maintenance\Desktop\simplexcontract0001.pdf
[2013/02/25 14:13:17 | 000,178,363 | ---- | C] () -- C:\Users\Maintenance\Desktop\Simplex Grinnell Contract Fire Suppression.pdf
[2013/02/14 12:36:36 | 000,021,268 | ---- | C] () -- C:\Users\Maintenance\Desktop\Intuit.pdf
[2013/01/18 14:36:39 | 000,004,096 | -H-- | C] () -- C:\Users\Maintenance\AppData\Local\keyfile3.drm
[2012/11/21 20:55:54 | 000,000,202 | ---- | C] () -- C:\windows\DxClient.INI
[2012/11/05 11:35:05 | 001,623,320 | ---- | C] () -- C:\windows\System32\nmNsp.dll
[2012/11/05 11:35:05 | 000,177,944 | ---- | C] () -- C:\windows\System32\CESpy.dll
[2012/09/05 13:59:36 | 000,001,251 | ---- | C] () -- C:\Users\Maintenance\Favorites - Shortcut.lnk
[2012/07/30 15:05:11 | 001,633,280 | ---- | C] () -- C:\windows\System32\authServer.exe
[2012/03/12 12:46:57 | 000,221,509 | ---- | C] () -- C:\windows\hpoins19.dat
[2012/03/12 12:46:57 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2012/03/08 20:12:41 | 000,000,090 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2012/02/28 16:16:17 | 000,000,193 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2012/02/28 16:16:17 | 000,000,063 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2012/02/28 16:16:17 | 000,000,044 | ---- | C] () -- C:\ProgramData\Logo_Language.ini
[2012/01/31 15:34:23 | 000,000,017 | ---- | C] () -- C:\Users\Maintenance\AppData\Local\resmon.resmoncfg
[2012/01/31 14:16:22 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2012/01/09 16:36:37 | 000,000,000 | ---- | C] () -- C:\Users\Maintenance\timedate.cpl
[2012/01/06 13:49:55 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2012/01/06 13:46:40 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2012/01/06 13:46:38 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2012/01/06 13:46:38 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2012/01/06 13:46:37 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2011/12/07 13:41:17 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/12/07 13:38:01 | 000,000,666 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/29 15:47:52 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/11/18 19:28:08 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
[2011/11/18 19:28:08 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2011/11/18 19:28:08 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011/11/18 17:08:38 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2011/11/18 17:07:13 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2011/10/21 18:23:10 | 000,217,536 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2011/10/21 18:22:54 | 000,056,832 | ---- | C] () -- C:\windows\System32\igdde32.dll
[2011/10/21 18:03:04 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll
[2011/10/21 17:52:06 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2011/05/16 14:31:44 | 000,008,592 | ---- | C] () -- C:\windows\System32\ractrlkeyhook.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP