Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help with malware removal [Solved]


  • This topic is locked This topic is locked

#1
timw

timw

    Member

  • Member
  • PipPip
  • 12 posts
I have been having tabs in my Internet Explorer (IE 8)opening by themselves, often multiple copies at the same time (3-6 tabs of the same site). It is a different site each time.

It appears my Windows Security Essentials is either disabled or uninstalled, although I did not do this. When I attempt to re-install it, I get a message that it cannot complete the installation with an error code 0x80070780 .

I ran OTL and the logs are attached. Any help would be greatly appreciated.

OTL logfile created on: 7/10/2013 5:17:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 67.82% Memory free
5.09 Gb Paging File | 4.10 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.23 Gb Total Space | 34.52 Gb Free Space | 28.95% Space Free | Partition Type: NTFS
Drive E: | 60.26 Gb Total Space | 26.39 Gb Free Space | 43.79% Space Free | Partition Type: FAT32

Computer Name: TIM | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/10 17:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2013/06/27 08:47:41 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/08 07:14:38 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 07:14:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012/11/08 10:01:42 | 004,654,152 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/11/08 10:01:42 | 001,065,032 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
PRC - [2012/10/10 11:22:30 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/08/24 14:41:32 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/15 08:59:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/15 08:09:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/15 08:08:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/02/14 18:23:58 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 18:23:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/01/11 17:46:10 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/11 17:37:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/11 17:37:39 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/11 17:36:43 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/11 17:36:38 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/07/28 18:22:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/27 08:47:41 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/08 07:14:38 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 07:14:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/31 10:02:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/08 10:01:42 | 004,654,152 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/11/02 11:15:44 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/10/29 08:57:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 14:41:32 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/01/25 15:23:54 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/12/06 06:40:08 | 000,061,440 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/12/06 06:38:54 | 000,679,936 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/08 07:14:30 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/25 07:14:33 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/09/21 14:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 14:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/08/24 14:41:32 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/12/08 01:09:16 | 000,327,400 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/10/18 06:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/07/28 17:20:11 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/12/15 10:06:46 | 000,036,096 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/06/29 16:01:10 | 000,011,832 | R--- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 22:57:36 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcmdmxp.sys -- (qcusbser)
DRV - [2009/01/24 02:36:22 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/04/22 23:51:22 | 000,019,840 | ---- | M] (RDM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ustp2.sys -- (ustp2)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2002/09/25 17:11:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {593AF7E1-543D-4A8E-82AE-F41517AF5F5D}
IE - HKCU\..\SearchScopes\{593AF7E1-543D-4A8E-82AE-F41517AF5F5D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MobisynapseSyncHelper] C:\Program Files\Mobisynapse\MobisynapseSyncHelper.exe (Innovation Technology Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\spnsrv9x.exe (Rainbow Technologies)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: wellsfargo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1351515244065 (WUWebControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=972 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6709F088-2BE3-4594-B9DD-D451A08265E4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/29 08:39:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/10 17:10:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2013/07/10 16:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/07/10 14:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/07/10 14:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Start Menu\Programs\ErrorEND
[2013/07/10 14:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorEND
[2013/07/10 14:05:05 | 000,000,000 | ---D | C] -- C:\58a9201ed71c08eeab
[2013/07/10 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/06/27 08:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Oracle
[2013/06/21 07:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/06/18 12:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\ArcGIS Explorer
[2013/06/18 12:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\ESRI
[2013/06/18 12:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\esri
[2013/06/18 12:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcGIS Explorer Desktop
[2013/06/18 12:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcGIS
[2013/06/18 12:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer (x86)
[2013/06/14 15:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2013/06/14 08:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2013/06/13 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Apple Computer
[2013/06/13 10:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/13 10:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/13 10:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/13 10:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/06/13 10:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Apple
[2013/06/13 10:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/06/13 10:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/06/13 10:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/10 17:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2013/07/10 16:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 14:25:02 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Word 2007.lnk
[2013/07/10 14:25:02 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Outlook 2007.lnk
[2013/07/10 14:25:02 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Excel 2007.lnk
[2013/07/10 14:25:02 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office PowerPoint 2007.lnk
[2013/07/10 14:25:02 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Picture Manager.lnk
[2013/07/10 14:11:14 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2013/07/10 14:11:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\ErrorEND.lnk
[2013/07/10 14:07:37 | 000,001,965 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/10 14:05:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/10 14:00:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/07/10 13:56:09 | 000,015,960 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/07/10 13:34:51 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 13:34:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/10 11:51:00 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\WoodMax 1351612689.job
[2013/07/10 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/07/10 07:46:37 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\CopyBackups.job
[2013/07/10 07:36:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/07/10 06:38:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/09 21:35:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/09 20:40:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/07/09 20:01:00 | 000,000,490 | -H-- | M] () -- C:\WINDOWS\tasks\WoodMax 1351611950.job
[2013/07/03 10:24:16 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\KVSC 88.1 FM.url
[2013/07/03 07:07:40 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\SalesLog.lnk
[2013/07/01 13:56:28 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Connection Diagnostic Tool.lnk
[2013/06/27 09:16:57 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Mobisynapse_Native_Screenshot_2012_192.168.1.8.bat
[2013/06/27 08:50:56 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/27 08:49:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/26 13:20:40 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 08:39:04 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/06/21 07:36:41 | 000,002,005 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk
[2013/06/21 07:36:20 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/06/19 12:11:55 | 000,008,268 | ---- | M] () -- C:\WINDOWS\System32\acdb.err
[2013/06/18 12:43:30 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArcGIS Explorer Desktop.lnk
[2013/06/13 10:54:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/10 14:11:14 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\ErrorEND.job
[2013/07/10 14:11:07 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\ErrorEND.lnk
[2013/07/10 13:56:09 | 000,015,960 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/07/03 07:07:40 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\SalesLog.lnk
[2013/06/27 09:16:57 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Mobisynapse_Native_Screenshot_2012_192.168.1.8.bat
[2013/06/27 08:50:56 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/21 07:36:56 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/06/21 07:36:41 | 000,002,005 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk
[2013/06/21 07:36:20 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/06/18 12:43:30 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArcGIS Explorer Desktop.lnk
[2013/06/13 10:54:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/03/15 07:21:35 | 000,512,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/26 18:14:55 | 000,596,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-287218729-682003330-1006-0.dat
[2012/11/02 00:26:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/31 10:44:25 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 11:09:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/10/29 18:03:50 | 000,924,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-287218729-682003330-1003-0.dat
[2012/10/29 18:03:50 | 000,327,970 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/29 17:31:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/10/29 15:26:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/29 15:26:12 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/29 14:58:06 | 000,569,436 | ---- | C] () -- C:\WINDOWS\System32\pktlib.dll
[2012/10/29 14:58:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ncppa.dll
[2012/10/29 14:58:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\utils.dll
[2012/10/29 14:52:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\pss_lib.dll
[2012/10/29 14:52:26 | 000,684,544 | ---- | C] () -- C:\WINDOWS\System32\hinstd.dll
[2012/10/29 14:52:26 | 000,463,872 | ---- | C] () -- C:\WINDOWS\System32\calcldat.dll
[2012/10/29 14:52:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hbridge.dll
[2012/10/29 14:52:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\dbgalloc.dll
[2012/10/29 14:50:41 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2012/10/29 08:50:10 | 000,016,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/10/29 08:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/29 08:49:26 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/10/29 08:49:26 | 000,234,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/10/29 08:49:26 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/10/29 08:46:05 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/10/29 08:46:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/10/29 08:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/29 08:37:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/29 08:09:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/09/12 16:20:50 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/12/06 06:34:10 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2011/12/06 06:34:10 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2011/12/06 06:34:10 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2011/07/28 18:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2013/05/20 08:00:52 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\@
[2013/05/20 08:00:52 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\L
[2013/06/27 04:29:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U
[2013/06/27 04:29:25 | 000,000,912 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U\00000001.@
[2013/05/20 08:01:13 | 000,011,776 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U\80000000.@
[2013/05/20 08:01:13 | 000,022,016 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U\800000cb.@
[2012/10/29 08:47:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-1644491937-287218729-682003330-1003\$c1d8c4cd0eea34ee49f3d9f610e4e601\o. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 15:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/11/02 08:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2012/10/29 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2013/07/10 14:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/07/10 06:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/10/29 17:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/10/31 14:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/11/06 09:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Autodesk
[2013/06/18 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\esri
[2012/11/20 08:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Interact Commerce
[2013/05/03 13:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2013/07/08 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\MB4Outlook
[2013/07/08 14:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mobisynapse
[2013/06/27 08:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Oracle
[2012/11/02 15:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\PrimoPDF
[2012/11/02 13:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Softland
[2013/05/17 09:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\TeamViewer

========== Purity Check ==========



< End of report >

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you run a fresh OTL scan please as I need to check out some different areas. Only one log will be produced this time



  • Run OTL.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • 0

#3
timw

timw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I ran OTL again as requested. The 'include 64 bit scans' check box was not present in my OTL program window. It prodcued both log files again and I have attached them.

Thanks for taking a look at this for me.

OTL logfile created on: 7/11/2013 8:22:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.73% Memory free
5.09 Gb Paging File | 3.55 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.23 Gb Total Space | 33.26 Gb Free Space | 27.90% Space Free | Partition Type: NTFS
Drive E: | 60.26 Gb Total Space | 25.81 Gb Free Space | 42.82% Space Free | Partition Type: FAT32

Computer Name: TIM | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/11 08:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2013/07/11 07:49:10 | 011,091,432 | ---- | M] (Microsoft Corporation) -- C:\TempTW\mseinstall.exe
PRC - [2013/06/27 08:47:41 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/08 07:14:38 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 07:14:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/31 10:49:38 | 001,182,024 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
PRC - [2013/05/31 10:02:22 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/05/01 00:49:53 | 006,258,488 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2013/05/01 00:49:52 | 000,082,232 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
PRC - [2013/01/31 19:05:26 | 000,071,024 | ---- | M] (Innovation Technology Inc.) -- C:\Program Files\Mobisynapse\MobisynapseSyncHelper.exe
PRC - [2013/01/27 11:11:46 | 000,847,920 | ---- | M] (Microsoft Corporation) -- c:\ae3fc0da969092091bef6a78db081a\x86\setup.exe
PRC - [2013/01/27 11:11:06 | 000,324,584 | ---- | M] (Microsoft Corporation) -- c:\ae3fc0da969092091bef6a78db081a\epplauncher.exe
PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012/11/08 10:01:42 | 004,654,152 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/11/08 10:01:42 | 001,065,032 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
PRC - [2012/10/10 11:22:30 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/08/24 14:41:32 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/12/06 06:40:08 | 000,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
PRC - [2011/12/06 06:38:54 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
PRC - [2011/12/06 06:38:52 | 000,050,552 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\dbextclr11.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 03:18:31 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\faa947d3cf5ddf23a46cf292df004a35\System.EnterpriseServices.ni.dll
MOD - [2013/07/11 03:18:31 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\5ec5f80f35fbc6665e2eddb7711a8410\System.Transactions.ni.dll
MOD - [2013/07/11 03:18:31 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\faa947d3cf5ddf23a46cf292df004a35\System.EnterpriseServices.Wrapper.dll
MOD - [2013/07/11 03:09:24 | 006,817,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\a77cef85535aec07317e7b1a302365c1\System.Data.ni.dll
MOD - [2013/07/11 03:09:21 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/11 03:09:17 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/11 03:09:12 | 007,070,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/11 03:09:07 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/11 03:09:04 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/11 03:08:59 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/11 03:08:58 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 03:01:31 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\0d85fc52f9ae1af45899926eb6740bb7\WindowsFormsIntegration.ni.dll
MOD - [2013/07/11 03:01:30 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\dc91f442dd1844d291c778bc5b138fb0\UIAutomationProvider.ni.dll
MOD - [2013/07/11 03:01:21 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5484a552be160e77848996c7229eaaa0\PresentationFramework.Classic.ni.dll
MOD - [2013/07/11 03:01:19 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6f18724ffbb7d53d4ed87db423c179f2\PresentationFramework.ni.dll
MOD - [2013/07/11 03:00:54 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\d3d7e27bef85e6442dbee0e3a2beb6ad\PresentationCore.ni.dll
MOD - [2013/07/11 03:00:43 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4bb59b1e37bed00a559301279e2fea17\WindowsBase.ni.dll
MOD - [2013/05/31 10:50:12 | 000,138,568 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
MOD - [2013/05/31 10:50:10 | 000,021,320 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.DLL
MOD - [2013/05/31 10:50:02 | 000,042,824 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
MOD - [2013/05/31 10:49:44 | 000,269,128 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/05/31 10:49:44 | 000,176,968 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2013/05/31 10:49:42 | 000,380,744 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
MOD - [2013/05/15 08:59:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/15 08:59:17 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b6efe2639cf6d0f305cf4cb8d0a34304\System.ServiceModel.ni.dll
MOD - [2013/05/15 08:59:00 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e8172ec65cbfc6cb540889acb30f44a7\System.IdentityModel.ni.dll
MOD - [2013/05/15 08:09:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/15 08:09:16 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c52b1734cefd25d5c8e7b4ebf4c1f76a\System.Core.ni.dll
MOD - [2013/05/15 08:08:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/05/01 00:49:53 | 000,084,280 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2013/05/01 00:49:52 | 000,082,232 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
MOD - [2013/02/14 18:24:08 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll
MOD - [2013/02/14 18:23:58 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 18:23:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/01/31 19:05:14 | 000,050,544 | ---- | M] () -- C:\Program Files\Mobisynapse\Constant.dll
MOD - [2013/01/11 17:46:39 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll
MOD - [2013/01/11 17:46:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll
MOD - [2013/01/11 17:46:10 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/11 17:37:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/11 17:37:39 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/11 17:36:43 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/11 17:36:38 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/10/29 17:14:59 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/12/06 06:39:58 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
MOD - [2011/07/28 18:22:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/27 08:47:41 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/08 07:14:38 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 07:14:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/31 10:02:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/08 10:01:42 | 004,654,152 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/11/02 11:15:44 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/10/29 08:57:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 14:41:32 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/12/06 06:40:08 | 000,061,440 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/12/06 06:38:54 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/08 07:14:30 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/25 07:14:33 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/09/21 14:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 14:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/08/24 14:41:32 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/12/08 01:09:16 | 000,327,400 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/10/18 06:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/07/28 17:20:11 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/12/15 10:06:46 | 000,036,096 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/06/29 16:01:10 | 000,011,832 | R--- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 22:57:36 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcmdmxp.sys -- (qcusbser)
DRV - [2009/01/24 02:36:22 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/04/22 23:51:22 | 000,019,840 | ---- | M] (RDM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ustp2.sys -- (ustp2)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2002/09/25 17:11:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-287218729-682003330-1003\..\SearchScopes,DefaultScope = {593AF7E1-543D-4A8E-82AE-F41517AF5F5D}
IE - HKU\S-1-5-21-1644491937-287218729-682003330-1003\..\SearchScopes\{593AF7E1-543D-4A8E-82AE-F41517AF5F5D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-1644491937-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MobisynapseSyncHelper] C:\Program Files\Mobisynapse\MobisynapseSyncHelper.exe (Innovation Technology Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-21-1644491937-287218729-682003330-1003..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\spnsrv9x.exe (Rainbow Technologies)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-1644491937-287218729-682003330-1003\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-1644491937-287218729-682003330-1003\..Trusted Domains: wellsfargo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1351515244065 (WUWebControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=972 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6709F088-2BE3-4594-B9DD-D451A08265E4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/29 08:39:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 08:20:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2013/07/11 07:49:29 | 000,000,000 | ---D | C] -- C:\ae3fc0da969092091bef6a78db081a
[2013/07/11 07:44:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/11 07:41:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013/07/10 14:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/07/10 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/06/27 08:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Oracle
[2013/06/27 08:47:47 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/27 08:47:47 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/27 08:47:45 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/27 08:47:45 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/27 08:47:45 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/21 07:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/06/21 07:36:42 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5312.dll
[2013/06/21 07:36:40 | 002,216,848 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkins5312.exe
[2013/06/21 07:36:40 | 001,979,280 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ8500_A910.dll
[2013/06/21 07:36:40 | 000,529,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5312.dll
[2013/06/21 07:36:40 | 000,496,016 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ8500_A910.dll
[2013/06/21 07:36:40 | 000,269,200 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5312LM.dll
[2013/06/21 07:36:40 | 000,221,072 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5312.dll
[2013/06/18 12:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\ArcGIS Explorer
[2013/06/18 12:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\ESRI
[2013/06/18 12:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\esri
[2013/06/14 15:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2013/06/14 08:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2013/06/13 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Apple Computer
[2013/06/13 10:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/13 10:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/13 10:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/13 10:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Apple
[2013/06/13 10:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Apple Computer
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/11 08:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2013/07/11 08:03:08 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Outlook 2007.lnk
[2013/07/11 07:49:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/11 07:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 07:37:20 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/11 07:36:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/07/11 03:12:19 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\CopyBackups.job
[2013/07/11 03:12:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/11 03:12:16 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 03:08:27 | 000,552,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/11 03:08:27 | 000,107,392 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/11 03:07:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/10 21:35:20 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/10 20:40:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/07/10 20:01:13 | 000,000,490 | -H-- | M] () -- C:\WINDOWS\tasks\WoodMax 1351611950.job
[2013/07/10 14:25:02 | 000,002,587 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Word 2007.lnk
[2013/07/10 14:25:02 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Excel 2007.lnk
[2013/07/10 14:25:02 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office PowerPoint 2007.lnk
[2013/07/10 14:25:02 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Picture Manager.lnk
[2013/07/10 14:07:37 | 000,001,965 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/10 14:00:09 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/07/10 13:56:09 | 000,015,960 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/07/10 11:51:00 | 000,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\WoodMax 1351612689.job
[2013/07/10 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/07/10 06:38:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/03 10:24:16 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\KVSC 88.1 FM.url
[2013/07/03 07:07:40 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\SalesLog.lnk
[2013/07/01 13:56:28 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Connection Diagnostic Tool.lnk
[2013/06/27 09:16:57 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Mobisynapse_Native_Screenshot_2012_192.168.1.8.bat
[2013/06/27 08:50:56 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/27 08:47:41 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/06/27 08:47:41 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/06/27 08:47:41 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/27 08:47:41 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/27 08:47:41 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/27 08:47:41 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/27 08:47:41 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/26 13:20:40 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 08:39:04 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/06/21 07:36:41 | 000,002,005 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk
[2013/06/21 07:36:20 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/06/19 12:11:55 | 000,008,268 | ---- | M] () -- C:\WINDOWS\System32\acdb.err
[2013/06/13 10:54:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/11 03:11:38 | 000,718,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/10 13:56:09 | 000,015,960 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/07/03 07:07:40 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\SalesLog.lnk
[2013/06/27 09:16:57 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Mobisynapse_Native_Screenshot_2012_192.168.1.8.bat
[2013/06/27 08:50:56 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/21 07:36:56 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/06/21 07:36:41 | 000,002,005 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk
[2013/06/21 07:36:20 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/06/13 10:54:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/12/26 18:14:55 | 000,596,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-287218729-682003330-1006-0.dat
[2012/11/02 00:26:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/31 10:44:25 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 11:09:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/10/29 18:03:50 | 001,252,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-287218729-682003330-1003-0.dat
[2012/10/29 18:03:50 | 000,327,970 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/29 17:31:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/10/29 15:26:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/29 15:26:12 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/29 14:58:06 | 000,569,436 | ---- | C] () -- C:\WINDOWS\System32\pktlib.dll
[2012/10/29 14:58:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ncppa.dll
[2012/10/29 14:58:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\utils.dll
[2012/10/29 14:52:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\pss_lib.dll
[2012/10/29 14:52:26 | 000,684,544 | ---- | C] () -- C:\WINDOWS\System32\hinstd.dll
[2012/10/29 14:52:26 | 000,463,872 | ---- | C] () -- C:\WINDOWS\System32\calcldat.dll
[2012/10/29 14:52:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hbridge.dll
[2012/10/29 14:52:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\dbgalloc.dll
[2012/10/29 14:50:41 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2012/10/29 08:50:10 | 000,016,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/10/29 08:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/29 08:49:26 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/10/29 08:49:26 | 000,234,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/10/29 08:49:26 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/10/29 08:46:05 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/10/29 08:46:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/10/29 08:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/29 08:37:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/29 08:09:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/09/12 16:20:50 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/12/06 06:34:10 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2011/12/06 06:34:10 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2011/12/06 06:34:10 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2011/07/28 18:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2013/05/20 08:00:52 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\@
[2013/05/20 08:00:52 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\L
[2013/06/27 04:29:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U
[2013/06/27 04:29:25 | 000,000,912 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U\00000001.@
[2013/05/20 08:01:13 | 000,011,776 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U\80000000.@
[2013/05/20 08:01:13 | 000,022,016 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601\U\800000cb.@
[2012/10/29 08:47:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-1644491937-287218729-682003330-1003\$c1d8c4cd0eea34ee49f3d9f610e4e601\o. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 15:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/11/02 08:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2012/10/29 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2013/07/10 14:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/07/11 03:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/10/29 17:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/10/31 14:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/12/21 11:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Employees\Application Data\Interact Commerce
[2013/06/19 15:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Employees\Application Data\Mobisynapse
[2012/12/28 07:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Employees\Application Data\TeamViewer
[2012/11/02 13:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Softland
[2012/11/06 09:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Autodesk
[2013/06/18 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\esri
[2012/11/20 08:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Interact Commerce
[2013/05/03 13:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2013/07/08 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\MB4Outlook
[2013/07/08 14:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mobisynapse
[2013/06/27 08:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Oracle
[2012/11/02 15:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\PrimoPDF
[2012/11/02 13:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Softland
[2013/05/17 09:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\TeamViewer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2012/05/15 08:58:11 | 030,218,224 | ---- | M] (IObit ) -- C:\asc-setup.exe
[2012/05/15 07:30:38 | 000,024,576 | ---- | M] () -- C:\memtest.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=59CF2B7DCED9111F48F51B4B570E672D -- C:\Backups\Komo HDD Backup2010\WINNT\explorer.exe
[2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) MD5=59CF2B7DCED9111F48F51B4B570E672D -- C:\Backups\Komo HDD Backup2010\WINNT\ServicePackFiles\i386\explorer.exe
[2001/05/08 07:00:00 | 000,242,960 | ---- | M] (Microsoft Corporation) MD5=5F3BA74126D0ABC8E113D2AEB86B65CF -- C:\Backups\Komo HDD Backup2010\WINNT\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2001/05/08 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\Backups\Komo HDD Backup2010\WINNT\system32\drivers\etc\services
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.ARCGISONLINE.COM_ARCGIS_SERVICES_WORLD_IMAGERY_MAPSERVER >
[2013/07/11 07:39:10 | 000,000,100 | ---- | M] () MD5=A651699799CDDF15CCBC6E84430D6952 -- C:\Documents and Settings\Tim\Local Settings\Temp\E3\MapCacheV1\services.arcgisonline.com_arcgis_services_world_imagery_mapserver

< MD5 for: SERVICES.ARCGISONLINE.COM_ARCGIS_SERVICES_WORLD_STREET_MAP_MAPSERVER >
[2013/06/18 13:06:14 | 000,000,102 | ---- | M] () MD5=D910666A9F27B072622F70B34C6D060A -- C:\Documents and Settings\Tim\Local Settings\Temp\E3\MapCacheV1\services.arcgisonline.com_arcgis_services_world_street_map_mapserver

< MD5 for: SERVICES.CFG >
[2013/05/10 02:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2009/03/02 15:26:23 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Heritage\Web Site Backup 3-2-09\_vti_pvt\services.cnf
[2009/11/05 08:58:31 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Heritage\WebSiteBackup11-4-2009\_vti_pvt\services.cnf
[2009/06/19 14:47:53 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Heritage\WebSiteBackup6-2009\_vti_pvt\services.cnf
[2010/11/20 17:51:18 | 000,000,053 | ---- | M] () MD5=B7E8A161213AE810588F05F30A564BEB -- C:\FrontPage Webs\Content\_vti_pvt\services.cnf

< MD5 for: SERVICES.CSS >
[2011/12/06 06:31:34 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2012\Components\Services\services.css

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2001/05/08 07:00:00 | 000,088,848 | ---- | M] (Microsoft Corporation) MD5=048811C03D7F71D2EDEC993348138480 -- C:\Backups\Komo HDD Backup2010\WINNT\$NtServicePackUninstall$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2005/04/08 06:51:16 | 000,092,944 | ---- | M] (Microsoft Corporation) MD5=B861B4E6E9637EB76A40C10C552E0229 -- C:\Backups\Komo HDD Backup2010\WINNT\system32\dllcache\services.exe
[2005/04/08 06:51:16 | 000,092,944 | ---- | M] (Microsoft Corporation) MD5=B861B4E6E9637EB76A40C10C552E0229 -- C:\Backups\Komo HDD Backup2010\WINNT\system32\SERVICES.EXE
[2003/06/19 14:05:04 | 000,089,360 | ---- | M] (Microsoft Corporation) MD5=CFED2D28F5B8A24127E9E06043070643 -- C:\Backups\Komo HDD Backup2010\WINNT\$NtUpdateRollupPackUninstall$\services.exe
[2003/06/19 14:05:04 | 000,089,360 | ---- | M] (Microsoft Corporation) MD5=CFED2D28F5B8A24127E9E06043070643 -- C:\Backups\Komo HDD Backup2010\WINNT\ServicePackFiles\i386\services.exe

< MD5 for: SERVICES.LNK >
[2012/10/29 08:39:21 | 000,001,602 | ---- | M] () MD5=50CA182CB387E5E3532C787C56CD0A90 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/05/23 08:30:43 | 000,000,475 | ---- | M] () MD5=003145C4E57321A44B382E02AD96381E -- C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\8XV5CSSA\mochiads.com\services.mochiads.com.sol
[2013/07/10 13:48:11 | 000,001,175 | ---- | M] () MD5=5ADFEA7E65958565C016EE896FF0D419 -- C:\Documents and Settings\Tim\Application Data\Macromedia\Flash Player\#SharedObjects\ZHWDSRGZ\mochiads.com\services.mochiads.com.sol
[2013/06/14 16:37:55 | 000,001,199 | ---- | M] () MD5=5DD20468D55C597FCA399B3F254B2B60 -- C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\VSFCCRY3\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2001/05/08 07:00:00 | 000,023,040 | ---- | M] () MD5=A7C3708829EEB23DFFEE7CF093F25B8C -- C:\Backups\Komo HDD Backup2010\WINNT\system32\services.msc
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2001/05/08 07:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\Backups\Komo HDD Backup2010\WINNT\system32\dllcache\svchost.exe
[2001/05/08 07:00:00 | 000,007,952 | ---- | M] (Microsoft Corporation) MD5=9E64AD53CFD9DA2D22E8A924F8C6E62C -- C:\Backups\Komo HDD Backup2010\WINNT\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2001/05/08 07:00:00 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=63B99625D94CC8479E896BB407FBF27C -- C:\Backups\Komo HDD Backup2010\WINNT\$NtServicePackUninstall$\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2003/06/19 14:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=BF179C5B8A722CC79AEF1CA90D6C7D48 -- C:\Backups\Komo HDD Backup2010\WINNT\ServicePackFiles\i386\userinit.exe
[2003/06/19 14:05:04 | 000,017,680 | ---- | M] (Microsoft Corporation) MD5=BF179C5B8A722CC79AEF1CA90D6C7D48 -- C:\Backups\Komo HDD Backup2010\WINNT\system32\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2001/05/08 07:00:00 | 000,177,936 | ---- | M] (Microsoft Corporation) MD5=1AC45958115F15C26417AEF4B1F53CF4 -- C:\Backups\Komo HDD Backup2010\WINNT\$NtServicePackUninstall$\winlogon.exe
[2003/06/19 14:05:04 | 000,181,008 | ---- | M] (Microsoft Corporation) MD5=3980C28D116D438BBB36FB38526FDE1A -- C:\Backups\Komo HDD Backup2010\WINNT\$NtUninstallKB890859$\winlogon.exe
[2003/06/19 14:05:04 | 000,181,008 | ---- | M] (Microsoft Corporation) MD5=3980C28D116D438BBB36FB38526FDE1A -- C:\Backups\Komo HDD Backup2010\WINNT\ServicePackFiles\i386\winlogon.exe
[2004/08/24 17:59:09 | 000,182,544 | ---- | M] (Microsoft Corporation) MD5=5922E8055EB439A58EF29530D8567A40 -- C:\Backups\Komo HDD Backup2010\WINNT\$NtUninstallKB840987$\winlogon.exe
[2004/08/24 17:59:09 | 000,182,544 | ---- | M] (Microsoft Corporation) MD5=5922E8055EB439A58EF29530D8567A40 -- C:\Backups\Komo HDD Backup2010\WINNT\$NtUninstallKB841533$\winlogon.exe
[2004/08/24 17:59:09 | 000,182,544 | ---- | M] (Microsoft Corporation) MD5=5922E8055EB439A58EF29530D8567A40 -- C:\Backups\Komo HDD Backup2010\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe
[2005/04/08 06:51:16 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=BB1DAF6A5737652646D52665251A0265 -- C:\Backups\Komo HDD Backup2010\WINNT\system32\dllcache\WINLOGON.EXE
[2005/04/08 06:51:16 | 000,186,640 | ---- | M] (Microsoft Corporation) MD5=BB1DAF6A5737652646D52665251A0265 -- C:\Backups\Komo HDD Backup2010\WINNT\system32\WINLOGON.EXE
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 10C5-2F8C
Directory of C:\Program Files\Microsoft Security Client
10/30/2012 10:28 AM <JUNCTION> Backup
05/23/2012 10:25 AM <JUNCTION> DbgHelp.dll
02/14/2013 06:18 PM <JUNCTION> Drivers
02/14/2013 06:18 PM <JUNCTION> en-us
01/27/2013 03:37 PM <JUNCTION> EppManifest.dll
02/08/2012 04:06 PM <JUNCTION> LegitLib.dll
01/27/2013 01:25 PM <JUNCTION> MpAsDesc.dll
01/27/2013 12:12 PM <JUNCTION> MpClient.dll
01/27/2013 12:11 PM <JUNCTION> MpCmdRun.exe
01/27/2013 12:12 PM <JUNCTION> MpCommu.dll
01/27/2013 01:05 PM <JUNCTION> mpevmsg.dll
01/27/2013 12:12 PM <JUNCTION> MpOAv.dll
01/27/2013 12:12 PM <JUNCTION> MpRTP.dll
01/27/2013 12:12 PM <JUNCTION> MpSvc.dll
01/27/2013 12:12 PM <JUNCTION> MsMpCom.dll
01/27/2013 12:11 PM <JUNCTION> MsMpEng.exe
01/27/2013 12:11 PM <JUNCTION> MsMpLics.dll
01/27/2013 12:08 PM <JUNCTION> MsMpRes.dll
01/27/2013 12:11 PM <JUNCTION> msseces.exe
01/27/2013 12:11 PM <JUNCTION> MsseWat.dll
01/27/2013 12:11 PM <JUNCTION> Setup.exe
01/27/2013 12:08 PM <JUNCTION> SetupRes.dll
01/27/2013 12:08 PM <JUNCTION> shellext.dll
02/08/2012 04:06 PM <JUNCTION> SqmApi.dll
05/23/2012 10:25 AM <JUNCTION> SymSrv.dll
04/06/2012 09:59 AM <JUNCTION> SymSrv.yes
23 File(s) 8,144,177 bytes
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 08:08 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 08:08 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\Intuit.QuickBooks.FCS
10/29/2012 05:36 PM <JUNCTION> 1.3.0.0__5b3f47ba29970ccb
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/11/2013 03:08 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
01/11/2013 05:34 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
23 File(s) 8,144,177 bytes
8 Dir(s) 35,682,025,472 bytes free

< >
[2012/10/29 08:38:17 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012/10/29 08:44:02 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/10/30 10:46:00 | 000,000,490 | -H-- | C] () -- C:\WINDOWS\Tasks\WoodMax 1351611950.job
[2012/10/30 10:58:09 | 000,000,482 | -H-- | C] () -- C:\WINDOWS\Tasks\WoodMax 1351612689.job
[2012/10/30 16:14:59 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Tasks\CopyBackups.job
[2012/11/27 16:24:06 | 000,000,876 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013/02/14 18:28:34 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
[2013/05/10 22:28:12 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\Tasks\At1.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\Tasks\At2.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\Tasks\At3.job
[2013/06/21 07:36:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\Tasks\At4.job

< End of report >

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK on completion of this can you let me know what problems remain, also does MSE now work

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
[2012/10/30 10:46:00 | 000,000,490 | -H-- | C] () -- C:\WINDOWS\Tasks\WoodMax 1351611950.job
[2012/10/30 10:58:09 | 000,000,482 | -H-- | C] () -- C:\WINDOWS\Tasks\WoodMax 1351612689.job

:Reg
[-HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

:Files
C:\WINDOWS\tasks\At*.job
C:\RECYCLER\S-1-5-18\$c1d8c4cd0eea34ee49f3d9f610e4e601

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
timw

timw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Can you tell me a typical length of time it takes to run this fix?

It has been running for 2-1/2 hours and the last 2 hours the only change is the status bar repeatedly moves rapidly left to right across the bottom of the window. Does this mean it is still working, or has it possibly hung up or gone into a loop of some sort?

Thank you.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That does sound a bit long. Stop OTL and run a fresh scan for me please
  • 0

#7
timw

timw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OK, the Run Fix procedure finally completed successfully after 3-1/2 hrs. The log file for the fix is attached.

I re-booted and ran a Quick scan, and the log file for that scan is alos attached here.

I then tried to install MSE, but it failed with the same error message and code.

Thank you.

OTL logfile created on: 7/11/2013 12:38:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.68% Memory free
5.09 Gb Paging File | 4.16 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 119.23 Gb Total Space | 59.08 Gb Free Space | 49.55% Space Free | Partition Type: NTFS
Drive E: | 60.26 Gb Total Space | 25.81 Gb Free Space | 42.82% Space Free | Partition Type: FAT32

Computer Name: TIM | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/11 12:38:27 | 001,173,456 | ---- | M] (Google Inc.) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_C03E0.tmp\setup.exe
PRC - [2013/07/11 08:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2013/07/09 10:30:00 | 007,256,928 | ---- | M] () -- C:\Program Files\Google\Update\Install\{EB8D5E4E-BF3B-4ADF-90C8-5B36C3FCB36B}\28.0.1500.71_27.0.1453.116_chrome_updater.exe
PRC - [2013/06/27 08:47:41 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/08 07:14:38 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 07:14:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/31 10:49:38 | 001,182,024 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
PRC - [2013/05/31 10:02:22 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/05/01 00:49:53 | 006,258,488 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
PRC - [2013/05/01 00:49:52 | 000,082,232 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
PRC - [2013/01/31 19:05:26 | 000,071,024 | ---- | M] (Innovation Technology Inc.) -- C:\Program Files\Mobisynapse\MobisynapseSyncHelper.exe
PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012/11/08 10:01:42 | 004,654,152 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/11/08 10:01:42 | 001,065,032 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
PRC - [2012/10/10 11:22:30 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/08/24 14:41:32 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/12/06 06:40:08 | 000,061,440 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
PRC - [2011/12/06 06:38:54 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe
PRC - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 03:18:43 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9f22d07e9863e4e1bf4f47ef4c3862e6\System.ServiceProcess.ni.dll
MOD - [2013/07/11 03:09:21 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/11 03:09:17 | 001,013,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/11 03:09:04 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/11 03:08:58 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/07/11 03:01:31 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\0d85fc52f9ae1af45899926eb6740bb7\WindowsFormsIntegration.ni.dll
MOD - [2013/07/11 03:01:30 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\dc91f442dd1844d291c778bc5b138fb0\UIAutomationProvider.ni.dll
MOD - [2013/07/11 03:01:21 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5484a552be160e77848996c7229eaaa0\PresentationFramework.Classic.ni.dll
MOD - [2013/07/11 03:01:19 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6f18724ffbb7d53d4ed87db423c179f2\PresentationFramework.ni.dll
MOD - [2013/07/11 03:00:54 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\d3d7e27bef85e6442dbee0e3a2beb6ad\PresentationCore.ni.dll
MOD - [2013/07/11 03:00:43 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4bb59b1e37bed00a559301279e2fea17\WindowsBase.ni.dll
MOD - [2013/07/09 10:30:00 | 007,256,928 | ---- | M] () -- C:\Program Files\Google\Update\Install\{EB8D5E4E-BF3B-4ADF-90C8-5B36C3FCB36B}\28.0.1500.71_27.0.1453.116_chrome_updater.exe
MOD - [2013/05/31 10:50:12 | 000,138,568 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
MOD - [2013/05/31 10:50:10 | 000,021,320 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.DLL
MOD - [2013/05/31 10:50:02 | 000,042,824 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
MOD - [2013/05/31 10:49:44 | 000,269,128 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/05/31 10:49:44 | 000,176,968 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2013/05/31 10:49:42 | 000,380,744 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
MOD - [2013/05/15 08:59:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/15 08:59:17 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b6efe2639cf6d0f305cf4cb8d0a34304\System.ServiceModel.ni.dll
MOD - [2013/05/15 08:59:00 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e8172ec65cbfc6cb540889acb30f44a7\System.IdentityModel.ni.dll
MOD - [2013/05/15 08:09:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/15 08:09:16 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\c52b1734cefd25d5c8e7b4ebf4c1f76a\System.Core.ni.dll
MOD - [2013/05/15 08:08:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/05/01 00:49:53 | 000,084,280 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
MOD - [2013/05/01 00:49:52 | 000,082,232 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
MOD - [2013/02/14 18:24:08 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll
MOD - [2013/02/14 18:23:58 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 18:23:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/01/31 19:05:14 | 000,050,544 | ---- | M] () -- C:\Program Files\Mobisynapse\Constant.dll
MOD - [2013/01/11 17:46:39 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\64bfc7fc01a4a79ce6b2c433c2e6e1a9\SMDiagnostics.ni.dll
MOD - [2013/01/11 17:46:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll
MOD - [2013/01/11 17:46:10 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/11 17:37:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/11 17:37:39 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/11 17:36:43 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/11 17:36:38 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/10/29 17:14:59 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/12/06 06:39:58 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
MOD - [2011/07/28 18:22:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2011/02/14 08:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/03/16 13:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/27 08:47:41 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/08 07:14:38 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 07:14:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/31 10:02:22 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/08 10:01:42 | 004,654,152 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2012/11/02 11:15:44 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/10/29 08:57:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 14:41:32 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/12/06 06:40:30 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/12/06 06:40:08 | 000,061,440 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/12/06 06:38:54 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe -- (QuickBooksDB22)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/08 07:14:30 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/25 07:14:33 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/09/21 14:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 14:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/08/24 14:41:32 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/12/08 01:09:16 | 000,327,400 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011/10/18 06:53:14 | 006,439,528 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/07/28 17:20:11 | 007,084,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/12/15 10:06:46 | 000,036,096 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/06/29 16:01:10 | 000,011,832 | R--- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2009/11/17 18:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 18:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/26 22:57:36 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcmdmxp.sys -- (qcusbser)
DRV - [2009/01/24 02:36:22 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcserxp.sys -- (qcserxp)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/04/22 23:51:22 | 000,019,840 | ---- | M] (RDM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ustp2.sys -- (ustp2)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2002/09/25 17:11:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {593AF7E1-543D-4A8E-82AE-F41517AF5F5D}
IE - HKCU\..\SearchScopes\{593AF7E1-543D-4A8E-82AE-F41517AF5F5D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll File not found



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/11 09:31:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MobisynapseSyncHelper] C:\Program Files\Mobisynapse\MobisynapseSyncHelper.exe (Innovation Technology Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\spnsrv9x.exe (Rainbow Technologies)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: wellsfargo.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1351515244065 (WUWebControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=972 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6709F088-2BE3-4594-B9DD-D451A08265E4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/29 08:39:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell - "" = AutoRun
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7cd05b7-df33-11e2-9247-fc6448db03ce}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 09:31:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/11 08:20:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2013/07/11 07:44:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/11 07:41:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2013/07/10 14:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/07/10 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/06/27 08:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Oracle
[2013/06/21 07:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/06/18 12:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\ArcGIS Explorer
[2013/06/18 12:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\ESRI
[2013/06/18 12:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\esri
[2013/06/14 15:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2013/06/14 08:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2013/06/13 10:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Apple Computer
[2013/06/13 10:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/13 10:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/06/13 10:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/13 10:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Apple
[2013/06/13 10:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Local Settings\Application Data\Apple Computer

========== Files - Modified Within 30 Days ==========

[2013/07/11 12:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 12:36:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/11 12:36:27 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/11 12:36:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/11 09:31:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/07/11 09:30:17 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Word 2007.lnk
[2013/07/11 09:24:43 | 000,001,965 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/11 09:14:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/11 09:01:43 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Outlook 2007.lnk
[2013/07/11 08:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2013/07/11 03:12:19 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\CopyBackups.job
[2013/07/11 03:12:16 | 000,361,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/11 03:08:27 | 000,552,858 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/11 03:08:27 | 000,107,392 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/11 03:07:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/10 21:35:20 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/10 14:25:02 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Excel 2007.lnk
[2013/07/10 14:25:02 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office PowerPoint 2007.lnk
[2013/07/10 14:25:02 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Office Picture Manager.lnk
[2013/07/10 13:56:09 | 000,015,960 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/07/03 10:24:16 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\KVSC 88.1 FM.url
[2013/07/03 07:07:40 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\SalesLog.lnk
[2013/07/01 13:56:28 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Connection Diagnostic Tool.lnk
[2013/06/27 09:16:57 | 000,000,435 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Mobisynapse_Native_Screenshot_2012_192.168.1.8.bat
[2013/06/27 08:50:56 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/26 13:20:40 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 08:39:04 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/06/21 07:36:41 | 000,002,005 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk
[2013/06/21 07:36:20 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/06/19 12:11:55 | 000,008,268 | ---- | M] () -- C:\WINDOWS\System32\acdb.err
[2013/06/13 10:54:44 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

========== Files Created - No Company Name ==========

[2013/07/11 03:11:38 | 000,718,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/10 13:56:09 | 000,015,960 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/07/03 07:07:40 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\SalesLog.lnk
[2013/06/27 09:16:57 | 000,000,435 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Mobisynapse_Native_Screenshot_2012_192.168.1.8.bat
[2013/06/27 08:50:56 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/21 07:36:56 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2013/06/21 07:36:41 | 000,002,005 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8500 A910.lnk
[2013/06/21 07:36:20 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/06/13 10:54:44 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/12/26 18:14:55 | 000,596,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-287218729-682003330-1006-0.dat
[2012/11/02 00:26:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/31 10:44:25 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/30 11:09:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2012/10/29 18:03:50 | 001,252,386 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1644491937-287218729-682003330-1003-0.dat
[2012/10/29 18:03:50 | 000,327,970 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/29 17:31:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/10/29 15:26:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/29 15:26:12 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/29 14:58:06 | 000,569,436 | ---- | C] () -- C:\WINDOWS\System32\pktlib.dll
[2012/10/29 14:58:06 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ncppa.dll
[2012/10/29 14:58:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\utils.dll
[2012/10/29 14:52:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\pss_lib.dll
[2012/10/29 14:52:26 | 000,684,544 | ---- | C] () -- C:\WINDOWS\System32\hinstd.dll
[2012/10/29 14:52:26 | 000,463,872 | ---- | C] () -- C:\WINDOWS\System32\calcldat.dll
[2012/10/29 14:52:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hbridge.dll
[2012/10/29 14:52:26 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\dbgalloc.dll
[2012/10/29 14:50:41 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2012/10/29 08:50:10 | 000,016,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/10/29 08:49:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/29 08:49:26 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/10/29 08:49:26 | 000,234,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/10/29 08:49:26 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/10/29 08:46:05 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/10/29 08:46:05 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/10/29 08:40:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/29 08:37:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/29 08:09:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 13:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/09/12 16:20:50 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/12/06 06:34:10 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2011/12/06 06:34:10 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2011/12/06 06:34:10 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\Gsw32.exe.config
[2011/07/28 18:49:12 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2012/10/29 08:47:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 15:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/11/02 08:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2012/10/29 17:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2013/07/10 14:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/07/11 03:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/10/29 17:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/10/31 14:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/11/06 09:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Autodesk
[2013/06/18 12:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\esri
[2012/11/20 08:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Interact Commerce
[2013/05/03 13:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2013/07/08 14:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\MB4Outlook
[2013/07/08 14:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mobisynapse
[2013/06/27 08:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Oracle
[2012/11/02 15:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\PrimoPDF
[2012/11/02 13:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Softland
[2013/05/17 09:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\TeamViewer

========== Purity Check ==========



< End of report >

Attached Files


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi the reason for the long fix was the amount of junk files on the computer Total Files Cleaned = 21,631.00 mb :)

OK lets now hit the main infection

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#9
timw

timw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I ran Combo Fix and the log is attached. It did detect that MSE was running on my machine, but i could not find it. It is not in the Add/Rmove Programs list, nor is it in the Tasks/Processes window. So I ran Combo Fix anyway.

I was then able to successfully install MSE and it is now updating and scanning.

Thank you for you help. I think this means I am good to go!

Please let me know if you see anything else in the log file.

Regards,
Tim

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No the logs look good now, combofix removed the junctions points which is a little hard to do manually in XP

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP