Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

optimize-App.com Removal [Solved]

Started by pattyL , Jan 19 2014 04:48 PM

This topic is locked

#16
pattyL

Posted 25 January 2014 - 03:00 PM

Member

Topic Starter
Member
35 posts

Logs:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\MLOVEL~1.LOV\AppData\Local\Temp\catchme.sys not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\ProgramData\GlarySoft folder moved successfully.
C:\Users\mlovelace.lovelaceeng\AppData\Roaming\GlarySoft folder moved successfully.
========== REGISTRY ==========
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\\"AutoStart"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mlovelace
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mlovelace.lovelaceeng
->Temp folder emptied: 3306738 bytes
->Temporary Internet Files folder emptied: 32235950 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 55982497 bytes
->Flash cache emptied: 581 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61632515 bytes
RecycleBin emptied: 2195768 bytes

Total Files Cleaned = 148.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01242014_120258

Files\Folders moved on Reboot...
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QO6TYL7I\page__gopid__2369428[1].htm moved successfully.
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G9H1PADV\page__pid__2369443[1].htm moved successfully.
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.18.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16750
mlovelace :: MLOVELACE-PC [administrator]

1/24/2014 12:12:53 PM
mbam-log-2014-01-24 (12-12-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 515695
Time elapsed: 1 hour(s), 24 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\mlovelace.lovelaceeng\Downloads\Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.

(end)

C:\AdwCleaner\Quarantine\C\Users\mlovelace.lovelaceeng\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\mlovelace.lovelaceeng\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.37.zip.vir Win32/NextLive.A application
C:\AdwCleaner\Quarantine\C\Users\mlovelace.lovelaceeng\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A application
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\mlovelace.lovelaceeng\Downloads\ccsetup409 (1).exe Win32/Bundled.Toolbar.Google.D application
C:\Users\mlovelace.lovelaceeng\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application

#17
godawgs

Posted 25 January 2014 - 03:03 PM

Teacher

Retired Staff
8,228 posts

Is the IE pop up gone now?

#18
pattyL

Posted 25 January 2014 - 03:11 PM

Member

Topic Starter
Member
35 posts

No, it still comes up.

But I'm thinking I may have made a mistake on the last set of instructions you gave me. For the OTL scan, I think I ran it with the text in the quote box like you said, but did not do it "as an administrator". So I ran it again as an administrator, but might have forgot to paste the text in the quote box. So that log might not be corr4ect, I'm not sure now, I did it yesterday. Would it be worth re-running that?

I have this different OTL log (below) with an earlier time (not sure which one is correct now). Also, I didn't see where I told the other scans to remove the threats?

OTL logfile created on: 1/24/2014 10:12:18 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mlovelace.lovelaceeng\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 59.83% Memory free
6.49 Gb Paging File | 5.09 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.32 Gb Total Space | 82.12 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
Drive D: | 353.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MLOVELACE-PC | User Name: mlovelace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/21 15:59:28 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/01/21 15:59:01 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2014/01/19 14:33:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mlovelace.lovelaceeng\Downloads\OTL.exe
PRC - [2014/01/19 06:26:12 | 000,840,072 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe
PRC - [2013/12/13 07:51:13 | 000,309,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/09/06 19:59:50 | 015,997,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2013/05/17 14:30:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/02/15 17:23:34 | 014,731,776 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/20 00:18:20 | 007,065,224 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/11/09 10:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/21 14:01:38 | 000,147,840 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/06/22 09:33:38 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/03/29 10:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2010/03/29 10:45:46 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/12/08 18:41:40 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/08 18:41:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 17:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/21 15:30:49 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2014/01/21 15:10:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2014/01/21 15:09:47 | 007,350,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Bluebeam.Utilities\3ad55f7a4b88ccbd1f071f765c1bcb3a\Bluebeam.Utilities.ni.dll
MOD - [2014/01/21 15:07:45 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2014/01/21 15:07:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2014/01/21 15:07:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
MOD - [2014/01/21 15:07:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
MOD - [2014/01/21 15:07:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2014/01/21 15:06:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2014/01/21 15:06:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2014/01/21 15:06:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2014/01/21 15:06:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2014/01/21 15:06:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/02/14 15:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2012/08/20 00:18:20 | 007,065,224 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
MOD - [2012/08/20 00:17:50 | 000,310,272 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\swscale-2.dll
MOD - [2012/08/20 00:17:48 | 002,535,936 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\avformat-54.dll
MOD - [2012/08/20 00:17:48 | 000,142,848 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\avutil-51.dll
MOD - [2012/08/20 00:17:46 | 013,766,656 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\avcodec-54.dll
MOD - [2012/08/20 00:17:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\libexpat.dll
MOD - [2012/08/20 00:17:40 | 000,466,975 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\sqlite3.dll
MOD - [2011/06/29 02:05:04 | 000,448,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll
MOD - [2011/06/29 02:05:03 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2010/12/14 13:29:03 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2010/12/08 16:59:26 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll
MOD - [2010/12/08 16:59:26 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/12/08 16:54:26 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:25 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:25 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:24 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/12/08 16:54:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/12/08 16:54:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/12/08 16:54:24 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/12/08 16:54:23 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/12/08 16:54:23 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/12/08 16:54:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/12/08 16:54:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/12/08 16:54:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/12/08 16:54:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll
MOD - [2010/12/08 16:54:23 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/12/08 16:54:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/12/08 16:54:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/12/08 16:54:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/09/02 23:29:14 | 000,678,384 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RBVirtualFolder.dll
MOD - [2010/03/02 10:46:38 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2010/01/19 10:44:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/01/18 13:50:01 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll
MOD - [2008/11/18 11:25:08 | 000,016,384 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/11/12 11:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2007/11/16 15:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\ccme_base.dll
MOD - [2007/11/16 15:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\cryptocme2.dll

========== Services (SafeList) ==========

SRV - [2014/01/21 15:59:28 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/21 15:59:01 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/01/19 06:26:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/17 14:30:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/28 08:27:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/11/09 10:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/19 03:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/03 23:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/03 23:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/04/27 22:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2010/03/29 10:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/02/03 15:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/12/08 18:41:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/12 11:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\USBKey.sys -- (usbkey)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MLOVEL~1.LOV\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/01/21 15:59:04 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/23 06:44:48 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/12/09 13:20:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/05/13 19:35:22 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/04/12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 03:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 03:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 01:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/17 09:42:46 | 000,179,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2010/09/17 09:42:46 | 000,064,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/01/19 10:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/12/08 18:41:40 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/11/16 15:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/09/17 07:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/09/17 07:05:02 | 000,038,376 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/20 04:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 09:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9D389CAE-A4CB-4BB7-98F7-241E0E4BCA19}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS485
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1: C:\Users\mlovelace.lovelaceeng\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/01/21 10:43:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: lovelaceeng.com ([server] https in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lovelaceeng.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{931E52D8-6786-4AB7-BD14-CFCE5BC4414C}: DhcpNameServer = 192.168.254.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/10 14:40:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/30 08:56:22 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/03/30 08:56:21 | 000,000,041 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/24 09:49:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/24 09:49:01 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\mlovelace.lovelaceeng\Desktop\JRT.exe
[2014/01/21 15:44:37 | 000,361,185 | ---- | C] (Farbar) -- C:\Users\mlovelace.lovelaceeng\Desktop\FSS.exe
[2014/01/21 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/21 10:43:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/21 10:31:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/21 10:31:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/21 10:31:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/21 10:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/21 10:31:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/21 10:30:07 | 005,172,786 | R--- | C] (Swearware) -- C:\Users\mlovelace.lovelaceeng\Desktop\ComboFix.exe
[2014/01/21 10:12:47 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mlovelace.lovelaceeng\Desktop\tdsskiller.exe
[2014/01/21 10:03:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/21 07:33:32 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\mlovelace.lovelaceeng\Desktop\aswmbr.exe
[2014/01/21 07:28:10 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Desktop\BackupFile
[2014/01/19 09:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2014/01/19 08:37:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 07:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/19 07:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/18 10:32:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/01/15 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Desktop\New folder
[2014/01/10 15:03:48 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\AppData\Local\cache
[2014/01/10 15:01:44 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\DigitalSites
[2014/01/08 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2014/01/08 15:16:35 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Documents\Downloaded Installations
[2014/01/08 15:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RISA
[2014/01/08 15:14:56 | 000,000,000 | ---D | C] -- C:\RISA

========== Files - Modified Within 30 Days ==========

[2014/01/24 10:12:28 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/24 10:12:28 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/24 10:12:21 | 000,664,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/24 10:12:21 | 000,122,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/24 10:09:00 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2214254689-1862867731-28425037-1155UA.job
[2014/01/24 10:05:06 | 000,000,000 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\WavXMapDrive.bat
[2014/01/24 10:05:05 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/24 10:04:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/24 10:04:32 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/24 10:01:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/24 09:51:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/24 09:49:12 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\mlovelace.lovelaceeng\Desktop\JRT.exe
[2014/01/23 13:09:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2214254689-1862867731-28425037-1155Core.job
[2014/01/21 15:59:04 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2014/01/21 15:59:02 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2014/01/21 15:59:01 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2014/01/21 15:44:37 | 000,361,185 | ---- | M] (Farbar) -- C:\Users\mlovelace.lovelaceeng\Desktop\FSS.exe
[2014/01/21 15:41:03 | 001,236,282 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\AdwCleaner.exe
[2014/01/21 15:04:46 | 000,554,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/21 10:43:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/21 10:30:16 | 005,172,786 | R--- | M] (Swearware) -- C:\Users\mlovelace.lovelaceeng\Desktop\ComboFix.exe
[2014/01/21 10:13:08 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mlovelace.lovelaceeng\Desktop\tdsskiller.exe
[2014/01/21 07:39:49 | 226,361,344 | R--- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.TLG
[2014/01/21 07:39:49 | 099,733,504 | R--- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW
[2014/01/21 07:39:46 | 000,000,429 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.ND
[2014/01/21 07:35:45 | 000,000,512 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\MBR.dat
[2014/01/21 07:33:52 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mlovelace.lovelaceeng\Desktop\aswmbr.exe
[2014/01/21 07:26:45 | 000,000,389 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.DSN
[2014/01/20 16:11:24 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks File Doctor.lnk
[2014/01/20 16:00:04 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/01/20 14:57:56 | 000,080,935 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision4.pdf
[2014/01/20 14:52:48 | 000,080,605 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision3.pdf
[2014/01/20 14:52:13 | 000,080,585 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision2.pdf
[2014/01/20 14:44:49 | 000,080,687 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision.PDF
[2014/01/19 09:02:55 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/01/19 08:14:59 | 000,164,416 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\cc_20140119_081425.reg
[2014/01/19 00:01:05 | 000,000,180 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WB.CFG
[2014/01/19 00:01:04 | 000,000,005 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WBPU-TTL.DAT
[2014/01/18 11:09:03 | 000,421,661 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart.PDF
[2014/01/18 09:28:09 | 000,062,647 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Invoice, Lavallart.pdf
[2014/01/16 13:30:09 | 000,002,452 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Google Chrome.lnk
[2014/01/16 10:56:10 | 000,398,770 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart Truss Reinforcement.pdf
[2014/01/16 08:53:41 | 000,112,900 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\email with digital 2015.jpg
[2014/01/15 13:44:16 | 000,075,906 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Transaction Details - PayPal.pdf
[2014/01/15 09:50:02 | 000,044,544 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Miles stamp, 12-31-15 20%.jpg
[2014/01/15 09:05:41 | 000,029,135 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Kaina Lavallart.r3d
[2014/01/13 14:10:04 | 000,260,247 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.jpg
[2014/01/13 14:06:28 | 000,212,886 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.pdf
[2014/01/08 15:15:05 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\RISA-3D 9.1.lnk

========== Files Created - No Company Name ==========

[2014/01/21 15:59:51 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
[2014/01/21 15:59:49 | 000,000,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
[2014/01/21 15:40:56 | 001,236,282 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\AdwCleaner.exe
[2014/01/21 14:32:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/01/21 10:31:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/21 10:31:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/21 10:31:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/21 10:31:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/21 10:31:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/21 07:35:45 | 000,000,512 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\MBR.dat
[2014/01/21 07:26:45 | 000,000,429 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.ND
[2014/01/21 07:26:45 | 000,000,389 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.DSN
[2014/01/21 07:26:44 | 099,733,504 | R--- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW
[2014/01/21 07:26:38 | 226,361,344 | R--- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.TLG
[2014/01/20 16:11:24 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks File Doctor.lnk
[2014/01/20 14:57:56 | 000,080,935 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision4.pdf
[2014/01/20 14:52:48 | 000,080,605 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision3.pdf
[2014/01/20 14:52:13 | 000,080,585 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision2.pdf
[2014/01/20 14:44:49 | 000,080,687 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision.PDF
[2014/01/19 09:02:55 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/01/19 08:14:31 | 000,164,416 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\cc_20140119_081425.reg
[2014/01/18 11:09:02 | 000,421,661 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart.PDF
[2014/01/18 09:28:09 | 000,062,647 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Invoice, Lavallart.pdf
[2014/01/16 10:56:09 | 000,398,770 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart Truss Reinforcement.pdf
[2014/01/16 08:52:07 | 000,112,900 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\email with digital 2015.jpg
[2014/01/15 13:44:16 | 000,075,906 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Transaction Details - PayPal.pdf
[2014/01/15 09:50:02 | 000,044,544 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Miles stamp, 12-31-15 20%.jpg
[2014/01/15 09:05:41 | 000,029,135 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Kaina Lavallart.r3d
[2014/01/13 14:10:04 | 000,260,247 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.jpg
[2014/01/13 14:06:27 | 000,212,886 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.pdf
[2014/01/10 16:01:04 | 000,000,005 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WBPU-TTL.DAT
[2014/01/10 16:01:02 | 000,000,180 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WB.CFG
[2014/01/08 15:15:05 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\RISA-3D 9.1.lnk
[2013/12/23 11:14:32 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/12/11 11:27:36 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2013/12/11 11:27:36 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2013/12/11 11:27:36 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2013/12/11 11:27:36 | 000,000,001 | ---- | C] () -- C:\Windows\System32\onlylana.dat
[2013/12/11 11:27:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tcpipsvr.dat
[2013/05/19 14:47:13 | 000,000,123 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\mbam.context.scan
[2012/08/20 00:18:30 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2012/06/28 10:05:30 | 000,678,912 | R--- | C] () -- C:\Windows\System32\Bluebeam Javascript Library.dll
[2012/06/28 10:04:46 | 000,246,272 | R--- | C] () -- C:\Windows\System32\Bluebeam JPX Library.dll
[2012/06/28 10:04:42 | 012,828,672 | R--- | C] () -- C:\Windows\System32\BGP905A.dll
[2012/03/21 14:20:01 | 000,007,609 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Resmon.ResmonCfg
[2012/03/16 21:56:36 | 000,047,104 | ---- | C] () -- C:\Windows\System32\AntUsbCIv2.dll
[2012/03/09 08:34:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/05/30 19:05:45 | 000,000,850 | RHS- | C] () -- C:\Users\mlovelace.lovelaceeng\ntuser.pol
[2010/12/15 10:54:05 | 000,000,336 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\EC_StartupLog.INI
[2010/12/14 13:25:39 | 000,000,000 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\WavXMapDrive.bat
[2010/12/14 09:58:08 | 000,047,954 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/10 14:59:16 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Autodesk
[2014/01/19 06:27:21 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\BackupTrans
[2010/12/14 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Broadcom
[2012/09/27 13:14:29 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\com.Shutterfly.ExpressUploader
[2014/01/19 06:19:38 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\DigitalSites
[2012/05/25 08:51:56 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\DVDVideoSoft
[2013/02/27 12:52:03 | 000,000,000 | -H-D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\F13B5D67
[2011/09/28 08:08:08 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\FrostWire
[2012/08/10 13:30:37 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\GARMIN
[2014/01/21 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\GlarySoft
[2014/01/19 06:30:55 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Motorola
[2012/05/24 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Motorola Mobility
[2012/04/19 12:19:38 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Puyzwo
[2012/04/18 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\TeamViewer
[2010/12/14 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Wave Systems Corp
[2012/04/28 07:55:09 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Windows Search
[2011/05/30 15:49:10 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Windows Small Business Server
[2013/01/22 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Ybize

========== Purity Check ==========

< End of report >

#19
godawgs

Posted 25 January 2014 - 03:36 PM

Teacher

Retired Staff
8,228 posts

The OTL fixes log shows it was run correctly. The MalwareBytes log shows it quarantined the item it found. I can't see where the IE popup is comming from so let's get a fresh OTL log and a new scan.

Step-1.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

Click here to go to the RogueKiller download page.
Click the Build 32 bits (x86): download button and save the RogueKiller.exe file to the desktop.

Quit all programs and close all browsers.
Right click the RogueKiller icon and click Run as Administrator to run the program.
NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
Click on Scan
Wait for the end of the scan.
Please don't delete anything at this time.
The report has been created on the desktop.

Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Step-2.

Run OTL again and click the Posted Image

button. Post the log it produces in your next reply.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The RKreport.txt log
2. the OTL.txt log

#20
pattyL

Posted 27 January 2014 - 10:32 AM

Member

Topic Starter
Member
35 posts

Logs:
RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : mlovelace [Admin rights]
Mode : Scan -- Date : 01/27/2014 08:19:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6ACC1E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76630E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7663468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7663469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x766346AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x762D46E9)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76630E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7663468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7663469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x766346AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x762D46E9)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD322GJ ATA Device +++++
--- User ---
[MBR] d231802144f15999e70ee44ac0e0ac2b
[BSP] 976833c91be82e3a47ff2464d98af4e2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 750 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1617920 | Size: 304454 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01272014_081943.txt >>

OTL logfile created on: 1/27/2014 8:22:55 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mlovelace.lovelaceeng\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 27.84% Memory free
6.49 Gb Paging File | 4.06 Gb Available in Paging File | 62.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.32 Gb Total Space | 81.00 Gb Free Space | 27.24% Space Free | Partition Type: NTFS
Drive D: | 353.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MLOVELACE-PC | User Name: mlovelace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/27 08:16:27 | 003,792,384 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\RogueKiller.exe
PRC - [2014/01/21 15:59:28 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/01/21 15:59:01 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2014/01/19 14:33:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mlovelace.lovelaceeng\Downloads\OTL.exe
PRC - [2014/01/19 06:26:12 | 000,840,072 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe
PRC - [2013/12/13 07:51:13 | 000,309,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/09/06 20:53:00 | 020,394,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2013/09/06 19:59:50 | 015,997,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2013/05/17 15:16:22 | 001,179,464 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2013/05/17 14:30:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/02/15 17:23:34 | 014,731,776 | ---- | M] (GARMIN Corp.) -- C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
PRC - [2012/11/22 18:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/20 00:18:20 | 007,065,224 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/11/09 10:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/21 14:01:38 | 000,147,840 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/06/22 09:33:38 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/04/27 22:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe
PRC - [2010/03/29 10:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2010/03/29 10:45:46 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/12/08 18:41:40 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/08 18:41:40 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/20 02:34:54 | 000,705,824 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/21 15:30:49 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\071856a2fade2421a4b3440ce7e5810c\stdole.ni.dll
MOD - [2014/01/21 15:10:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2014/01/21 15:09:47 | 007,350,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Bluebeam.Utilities\3ad55f7a4b88ccbd1f071f765c1bcb3a\Bluebeam.Utilities.ni.dll
MOD - [2014/01/21 15:07:45 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2014/01/21 15:07:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2014/01/21 15:07:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2014/01/21 15:07:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll
MOD - [2014/01/21 15:07:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
MOD - [2014/01/21 15:07:13 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e46ace9f4b8da0416c9ed58e21f7dd7a\PresentationFramework.ni.dll
MOD - [2014/01/21 15:07:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2014/01/21 15:06:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2014/01/21 15:06:52 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll
MOD - [2014/01/21 15:06:51 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ed6acb87c49ee9b5716f19753bcc0205\PresentationCore.ni.dll
MOD - [2014/01/21 15:06:41 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2014/01/21 15:06:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2014/01/21 15:06:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2014/01/21 15:06:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2014/01/21 15:06:25 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2014/01/11 02:29:21 | 000,399,640 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
MOD - [2014/01/11 02:29:17 | 004,055,320 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 02:28:15 | 000,715,544 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 02:28:14 | 000,100,120 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 02:28:11 | 001,634,584 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/05/17 16:17:10 | 000,098,632 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\Webification.DLL
MOD - [2013/05/17 15:17:02 | 000,101,704 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\ReportBridge.DLL
MOD - [2013/05/17 15:16:54 | 000,126,792 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2013/05/17 15:16:52 | 000,021,320 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2013/05/17 15:16:50 | 000,070,472 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QB2WPFBridge.dll
MOD - [2013/05/17 15:16:44 | 000,093,512 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetInterop.dll
MOD - [2013/05/17 15:16:44 | 000,042,824 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2013/05/17 15:16:42 | 000,070,984 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\IPDWidgetBridge.DLL
MOD - [2013/05/17 15:16:40 | 000,058,184 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\htmlhelper.dll
MOD - [2013/05/17 15:16:30 | 000,269,128 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/05/17 15:16:30 | 000,176,968 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2013/05/17 15:16:28 | 000,348,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2013/02/14 15:46:50 | 001,044,048 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2012/08/20 00:18:20 | 007,065,224 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
MOD - [2012/08/20 00:17:50 | 000,310,272 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\swscale-2.dll
MOD - [2012/08/20 00:17:48 | 002,535,936 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\avformat-54.dll
MOD - [2012/08/20 00:17:48 | 000,142,848 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\avutil-51.dll
MOD - [2012/08/20 00:17:46 | 013,766,656 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\avcodec-54.dll
MOD - [2012/08/20 00:17:42 | 000,684,032 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\libexpat.dll
MOD - [2012/08/20 00:17:40 | 000,466,975 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\sqlite3.dll
MOD - [2011/06/29 02:05:04 | 000,448,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll
MOD - [2011/06/29 02:05:03 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2010/12/14 13:29:03 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2010/12/14 13:28:59 | 001,550,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
MOD - [2010/12/08 16:59:26 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll
MOD - [2010/12/08 16:59:26 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/12/08 16:54:26 | 001,703,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3609.23327__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3609.23357__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3609.23260__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3609.23341__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3609.23281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3609.23336__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3609.23316__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3609.23270__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3609.23385__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3609.23337__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3609.23317__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3609.23331__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:25 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3609.23302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3609.23282__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3609.23308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3609.23322__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/12/08 16:54:25 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3609.23368__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3609.23269__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3609.23358__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/12/08 16:54:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3609.23321__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3609.23306__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3609.23313__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3609.23286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3609.23307__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3609.23315__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3589.25834__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3589.25817__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3589.25847__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3589.25854__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/12/08 16:54:25 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3609.23390__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010/12/08 16:54:24 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3589.25814__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3589.25796__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3589.25859__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3589.25948__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3589.25848__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3589.25945__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3589.25846__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3589.25888__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/12/08 16:54:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3609.23363__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/12/08 16:54:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3589.25905__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3589.25831__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3589.25857__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3589.25791__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3589.25794__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3589.26042__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3589.25893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3589.25912__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3589.25825__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3589.25822__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3589.25862__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3589.25829__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3589.25810__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3589.25907__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3589.25838__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3589.25858__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3589.25837__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3589.25917__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3589.25832__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3589.25896__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3589.25844__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3589.25836__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3589.25951__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3589.25922__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3589.25916__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/12/08 16:54:24 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/12/08 16:54:24 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/12/08 16:54:23 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3609.23265__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/12/08 16:54:23 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3609.23275__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/12/08 16:54:23 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3609.23351__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/12/08 16:54:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3609.23350__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/12/08 16:54:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3609.23257__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/12/08 16:54:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3609.23255__90ba9c70f846762e\APM.Server.dll
MOD - [2010/12/08 16:54:23 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3609.23259__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/12/08 16:54:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3589.25849__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3609.23256__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/12/08 16:54:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3589.25806__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3589.25826__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3589.25801__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/12/08 16:54:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3589.25839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3589.25819__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3589.25856__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3589.25851__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3589.25865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/12/08 16:54:23 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3609.23351__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/09/02 23:29:14 | 000,678,384 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RBVirtualFolder.dll
MOD - [2010/03/02 10:46:38 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2010/01/19 10:44:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2008/11/18 11:25:08 | 000,016,384 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/11/12 11:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2005/07/19 22:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll

========== Services (SafeList) ==========

SRV - [2014/01/21 15:59:28 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/21 15:59:01 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/01/19 06:26:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 20:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/17 14:30:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/28 08:27:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/11/09 10:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/19 03:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/03 23:15:22 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/09/03 23:14:26 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/04/27 22:36:44 | 000,679,936 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe -- (QuickBooksDB21)
SRV - [2010/03/29 10:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/02/03 15:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/12/08 18:41:40 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/12 11:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\USBKey.sys -- (usbkey)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - [2014/01/27 08:17:53 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC1CC880-0295-41FA-91D2-1543E1E42375}\MpKsl0a39865a.sys -- (MpKsl0a39865a)
DRV - [2014/01/27 08:17:50 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
DRV - [2014/01/21 15:59:04 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/23 06:44:48 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/12/09 13:20:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/05/13 19:35:22 | 000,035,776 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/04/12 12:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 03:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 03:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 01:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/17 09:42:46 | 000,179,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2010/09/17 09:42:46 | 000,064,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/01/19 10:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/12/08 18:41:40 | 005,140,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/11/16 15:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/09/17 07:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/09/17 07:05:02 | 000,038,376 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/20 04:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 09:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9D389CAE-A4CB-4BB7-98F7-241E0E4BCA19}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS485
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1: C:\Users\mlovelace.lovelaceeng\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\mlovelace.lovelaceeng\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\mlovelace.lovelaceeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/01/21 10:43:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: lovelaceeng.com ([server] https in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lovelaceeng.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{931E52D8-6786-4AB7-BD14-CFCE5BC4414C}: DhcpNameServer = 192.168.254.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/10 14:40:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/30 08:56:22 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/03/30 08:56:21 | 000,000,041 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/27 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Desktop\RK_Quarantine
[2014/01/24 09:49:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/24 09:49:01 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\mlovelace.lovelaceeng\Desktop\JRT.exe
[2014/01/21 15:44:37 | 000,361,185 | ---- | C] (Farbar) -- C:\Users\mlovelace.lovelaceeng\Desktop\FSS.exe
[2014/01/21 10:49:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/21 10:43:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/21 10:31:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/21 10:31:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/21 10:31:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/21 10:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/21 10:31:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/21 10:30:07 | 005,172,786 | R--- | C] (Swearware) -- C:\Users\mlovelace.lovelaceeng\Desktop\ComboFix.exe
[2014/01/21 10:12:47 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mlovelace.lovelaceeng\Desktop\tdsskiller.exe
[2014/01/21 10:03:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/21 07:33:32 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\mlovelace.lovelaceeng\Desktop\aswmbr.exe
[2014/01/21 07:28:10 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Desktop\BackupFile
[2014/01/19 08:37:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/19 07:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/19 07:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/18 10:32:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/01/15 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Desktop\New folder
[2014/01/10 15:03:48 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\AppData\Local\cache
[2014/01/10 15:01:44 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\DigitalSites
[2014/01/08 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2014/01/08 15:16:35 | 000,000,000 | ---D | C] -- C:\Users\mlovelace.lovelaceeng\Documents\Downloaded Installations
[2014/01/08 15:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RISA
[2014/01/08 15:14:56 | 000,000,000 | ---D | C] -- C:\RISA

========== Files - Modified Within 30 Days ==========

[2014/01/27 08:17:50 | 000,026,624 | ---- | M] () -- C:\Windows\System32\TrueSight.sys
[2014/01/27 08:16:27 | 003,792,384 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\RogueKiller.exe
[2014/01/27 08:11:00 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 08:11:00 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 08:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/27 07:51:43 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/27 07:09:00 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2214254689-1862867731-28425037-1155UA.job
[2014/01/26 17:51:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/26 13:09:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2214254689-1862867731-28425037-1155Core.job
[2014/01/24 14:31:44 | 000,664,788 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/24 14:31:44 | 000,122,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/24 14:26:58 | 000,000,000 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\WavXMapDrive.bat
[2014/01/24 14:26:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/24 14:26:19 | 2615,394,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/24 09:49:12 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\mlovelace.lovelaceeng\Desktop\JRT.exe
[2014/01/21 15:59:04 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2014/01/21 15:59:02 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2014/01/21 15:59:01 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2014/01/21 15:44:37 | 000,361,185 | ---- | M] (Farbar) -- C:\Users\mlovelace.lovelaceeng\Desktop\FSS.exe
[2014/01/21 15:41:03 | 001,236,282 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\AdwCleaner.exe
[2014/01/21 15:04:46 | 000,554,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/21 10:43:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/21 10:30:16 | 005,172,786 | R--- | M] (Swearware) -- C:\Users\mlovelace.lovelaceeng\Desktop\ComboFix.exe
[2014/01/21 10:13:08 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mlovelace.lovelaceeng\Desktop\tdsskiller.exe
[2014/01/21 07:39:49 | 226,361,344 | R--- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.TLG
[2014/01/21 07:39:49 | 099,733,504 | R--- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW
[2014/01/21 07:39:46 | 000,000,429 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.ND
[2014/01/21 07:35:45 | 000,000,512 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\MBR.dat
[2014/01/21 07:33:52 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mlovelace.lovelaceeng\Desktop\aswmbr.exe
[2014/01/21 07:26:45 | 000,000,389 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.DSN
[2014/01/20 16:11:24 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\QuickBooks File Doctor.lnk
[2014/01/20 16:00:04 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/01/20 14:57:56 | 000,080,935 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision4.pdf
[2014/01/20 14:52:48 | 000,080,605 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision3.pdf
[2014/01/20 14:52:13 | 000,080,585 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision2.pdf
[2014/01/20 14:44:49 | 000,080,687 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision.PDF
[2014/01/19 09:02:55 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/01/19 08:14:59 | 000,164,416 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\cc_20140119_081425.reg
[2014/01/19 00:01:05 | 000,000,180 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WB.CFG
[2014/01/19 00:01:04 | 000,000,005 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WBPU-TTL.DAT
[2014/01/18 11:09:03 | 000,421,661 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart.PDF
[2014/01/18 09:28:09 | 000,062,647 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Invoice, Lavallart.pdf
[2014/01/16 13:30:09 | 000,002,452 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Google Chrome.lnk
[2014/01/16 10:56:10 | 000,398,770 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart Truss Reinforcement.pdf
[2014/01/16 08:53:41 | 000,112,900 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\email with digital 2015.jpg
[2014/01/15 13:44:16 | 000,075,906 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Transaction Details - PayPal.pdf
[2014/01/15 09:50:02 | 000,044,544 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Miles stamp, 12-31-15 20%.jpg
[2014/01/15 09:05:41 | 000,029,135 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\Kaina Lavallart.r3d
[2014/01/13 14:10:04 | 000,260,247 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.jpg
[2014/01/13 14:06:28 | 000,212,886 | ---- | M] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.pdf
[2014/01/08 15:15:05 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\RISA-3D 9.1.lnk

========== Files Created - No Company Name ==========

[2014/01/27 08:17:50 | 000,026,624 | ---- | C] () -- C:\Windows\System32\TrueSight.sys
[2014/01/27 08:06:11 | 003,792,384 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\RogueKiller.exe
[2014/01/21 15:59:51 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
[2014/01/21 15:59:49 | 000,000,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
[2014/01/21 15:40:56 | 001,236,282 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\AdwCleaner.exe
[2014/01/21 14:32:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/01/21 10:31:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/21 10:31:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/21 10:31:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/21 10:31:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/21 10:31:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/21 07:35:45 | 000,000,512 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\MBR.dat
[2014/01/21 07:26:45 | 000,000,429 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.ND
[2014/01/21 07:26:45 | 000,000,389 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.DSN
[2014/01/21 07:26:44 | 099,733,504 | R--- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW
[2014/01/21 07:26:38 | 226,361,344 | R--- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Lovelace Engineering, Inc..QBW.TLG
[2014/01/20 16:11:24 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks File Doctor.lnk
[2014/01/20 14:57:56 | 000,080,935 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision4.pdf
[2014/01/20 14:52:48 | 000,080,605 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision3.pdf
[2014/01/20 14:52:13 | 000,080,585 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision2.pdf
[2014/01/20 14:44:49 | 000,080,687 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Clint Precision.PDF
[2014/01/19 09:02:55 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/01/19 08:14:31 | 000,164,416 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\cc_20140119_081425.reg
[2014/01/18 11:09:02 | 000,421,661 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart.PDF
[2014/01/18 09:28:09 | 000,062,647 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Invoice, Lavallart.pdf
[2014/01/16 10:56:09 | 000,398,770 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Lavallart Truss Reinforcement.pdf
[2014/01/16 08:52:07 | 000,112,900 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\email with digital 2015.jpg
[2014/01/15 13:44:16 | 000,075,906 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Transaction Details - PayPal.pdf
[2014/01/15 09:50:02 | 000,044,544 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Desktop\Miles stamp, 12-31-15 20%.jpg
[2014/01/15 09:05:41 | 000,029,135 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\Kaina Lavallart.r3d
[2014/01/13 14:10:04 | 000,260,247 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.jpg
[2014/01/13 14:06:27 | 000,212,886 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\Documents\OMEGA Mochaccino.pdf
[2014/01/10 16:01:04 | 000,000,005 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WBPU-TTL.DAT
[2014/01/10 16:01:02 | 000,000,180 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\WB.CFG
[2014/01/08 15:15:05 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\RISA-3D 9.1.lnk
[2013/12/23 11:14:32 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/12/11 11:27:36 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2013/12/11 11:27:36 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2013/12/11 11:27:36 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2013/12/11 11:27:36 | 000,000,001 | ---- | C] () -- C:\Windows\System32\onlylana.dat
[2013/12/11 11:27:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\tcpipsvr.dat
[2013/05/19 14:47:13 | 000,000,123 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\mbam.context.scan
[2012/08/20 00:18:30 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2012/06/28 10:05:30 | 000,678,912 | R--- | C] () -- C:\Windows\System32\Bluebeam Javascript Library.dll
[2012/06/28 10:04:46 | 000,246,272 | R--- | C] () -- C:\Windows\System32\Bluebeam JPX Library.dll
[2012/06/28 10:04:42 | 012,828,672 | R--- | C] () -- C:\Windows\System32\BGP905A.dll
[2012/03/21 14:20:01 | 000,007,609 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\Resmon.ResmonCfg
[2012/03/16 21:56:36 | 000,047,104 | ---- | C] () -- C:\Windows\System32\AntUsbCIv2.dll
[2012/03/09 08:34:08 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/05/30 19:05:45 | 000,000,850 | RHS- | C] () -- C:\Users\mlovelace.lovelaceeng\ntuser.pol
[2010/12/15 10:54:05 | 000,000,336 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\EC_StartupLog.INI
[2010/12/14 13:25:39 | 000,000,000 | ---- | C] () -- C:\Users\mlovelace.lovelaceeng\AppData\Local\WavXMapDrive.bat
[2010/12/14 09:58:08 | 000,047,954 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/10 14:59:16 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Autodesk
[2014/01/19 06:27:21 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\BackupTrans
[2010/12/14 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Broadcom
[2012/09/27 13:14:29 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\com.Shutterfly.ExpressUploader
[2014/01/19 06:19:38 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\DigitalSites
[2012/05/25 08:51:56 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\DVDVideoSoft
[2013/02/27 12:52:03 | 000,000,000 | -H-D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\F13B5D67
[2011/09/28 08:08:08 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\FrostWire
[2012/08/10 13:30:37 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\GARMIN
[2014/01/19 06:30:55 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Motorola
[2012/05/24 10:21:03 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Motorola Mobility
[2012/04/19 12:19:38 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Puyzwo
[2012/04/18 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\TeamViewer
[2010/12/14 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Wave Systems Corp
[2012/04/28 07:55:09 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Windows Search
[2011/05/30 15:49:10 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Windows Small Business Server
[2013/01/22 10:10:49 | 000,000,000 | ---D | M] -- C:\Users\mlovelace.lovelaceeng\AppData\Roaming\Ybize

========== Purity Check ==========

< End of report >

#21
godawgs

Posted 27 January 2014 - 12:29 PM

Teacher

Retired Staff
8,228 posts

Hello,

I think I see the IE pop up. It was always there I just didn't look closely enough at the spelling. :blush:

Actually someone was kind enough to point it out.
Let's remove it and the final bits from the OTL log. Then we'll scan for any programs that need updating. After that is done, if you don't have any other issues, we'll be ready to clean up.

Step-1.

Posted Image

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goggle.com/
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)

:FILES
C:\Users\mlovelace.lovelaceeng\Downloads\ccsetup409 (1).exe
C:\Users\mlovelace.lovelaceeng\Downloads\ccsetup409.exe
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]

Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image

on your desktop. To do that:

Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Step-2.

Run Security Check

Download Security Check from here or here and save it to the Desktop.

Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if the pop up is gone now.
2. The OTL fixes log
3. The checkup.txt log

#22
pattyL

Posted 27 January 2014 - 12:50 PM

Member

Topic Starter
Member
35 posts

Pop Up is gone!! Yes!

Logs:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== FILES ==========
C:\Users\mlovelace.lovelaceeng\Downloads\ccsetup409 (1).exe moved successfully.
C:\Users\mlovelace.lovelaceeng\Downloads\ccsetup409.exe moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\mlovelace.lovelaceeng\Downloads\cmd.bat deleted successfully.
C:\Users\mlovelace.lovelaceeng\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\mlovelace.lovelaceeng\Downloads\cmd.bat deleted successfully.
C:\Users\mlovelace.lovelaceeng\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mlovelace
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mlovelace.lovelaceeng
->Temp folder emptied: 58653461 bytes
->Temporary Internet Files folder emptied: 25264417 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 60643888 bytes
->Flash cache emptied: 1242 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52661 bytes
RecycleBin emptied: 4380160 bytes

Total Files Cleaned = 142.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01272014_103057

Files\Folders moved on Reboot...
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOQ1V2L8\page__pid__2370200__st__15[1].htm moved successfully.
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\mlovelace.lovelaceeng\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.0
Java 7 Update 45
Java version out of Date!
Google Chrome 31.0.1650.63
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#23
godawgs

Posted 28 January 2014 - 09:22 AM

Teacher

Retired Staff
8,228 posts

Your Java is out of date so let's update it. Then, if there aren't any further issues we'll be ready to clean up.

Posted Image

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

For Firefox, install the NoScript add-on.
For Chrome, install the Script-No add-on.
NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java.
Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u51
Click the "Download button under the JRE" column.
On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
Under the Java SE Runtime Environment 7u51 heading:
To install the version for your system:
- For Windows 32 bit systems, look for Windows x86 Offline 27.79MB, click the jre-7u51-windows-i586.exe file and save it to your desktop. Do Not run it from the Java site.
Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

Click Start > Control Panel > Add/Remove Programs. The list of installed programs will populate.
Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
The versions I see on the computer are:
- Java 7 Update 45
Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

C.
Install the latest JAVA

Back on your desktop:

Right click the jre-7u51-Windows-i586.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. It's on the Update tab in Java in the Control Panel. NOTE: 64bit versions of Windows will not have the Update tab.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you have any further issues.

#24
pattyL

Posted 28 January 2014 - 01:33 PM

Member

Topic Starter
Member
35 posts

godawgs, everything seems to be running smoothly, thanks so much!

I deleted old Java stuff and installed the newest version with automatic updates. Then I disabled it in both browsers that I use, IE and Chrome. I put the add-on in Chrome to allow me to have certain sites use Java, that need it.

Thanks again, Miles

#25
godawgs

Posted 28 January 2014 - 11:25 PM

Teacher

Retired Staff
8,228 posts

You are very welcome.

OK! Well done. :thumbsup:

Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb

, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner

Click the Uninstall button
Confirm with yes

Step-3.

Uninstall ComboFix

Click the Start Orb and click Run. This will display the Run dialogue box .
In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
Follow the prompts on the screen.
A message should appear confirming that ComboFix was uninstalled

Step-4.

OTL Cleanup

1. Please re-open Posted Image

on your desktop.

Be sure all other programs are closed as this step will require a reboot.
Click on
You will be prompted to reboot your system. Please do so.

The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-5.

Delete the following Files and Folders (If Present):

MBR.dat
JRT.exe
JRT.txt
esetsmartinstaller_enu.exe If you used Firefox for the ESET scan.
SecurityCheck.exe
checkup.txt

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-6.

Reset Hidden Files and Folders

1. Click the Start Orb and click Computer.
2. In the Menu bar at the top click the Tools menu and click Folder Oprtions...
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-7.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Click the Start Orb. Click Control Panel. Click System and Maintenance
Click System
In the left column under Tasks, click Advance System Settings and accept the warning if you get one
Click the System Protection Tab
Windows Vista: In the Available Disks box put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
Windows 7/8: In the Protection Settings section, make sure the protection for the System drive is ON. If it isn't, click the Configure button and turn it on.

Note: It may take some time for the system to populate the Available Disks box, so be patient.
Click the Create button at the bottom
Type in a name for the restore point, i.e: Clean
Click Create
A small System Protection window will come up telling you a Restore Point is being created.
Another System Protection window will come up telling you the Restore Point has been created, click OK
Click OK again.
Close the Control Panel

Now we can purge the old Restore Points

Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
Copy and Paste the following in the Run box:
```
cleanmgr
```
Click OK
A Disk Cleanup Options popup will open
Click Files from all users on this computer

A Drive Selection popup will open
NOTE: You will not see this window unless you have more than one drive or partition on your computer.

If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
Select the system drive, C:\ and click OK.
For a few moments the system will make some calculations
The Disk Cleanup Window will open:
Click the More Options tab.
NOTE: If there isn't a More Options tab then click the Clean up system files button at the bottom of the window. Disk Cleanup will reload and the More Options button should be visible.
Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
In the Disk Cleanup dialog box, click Delete (See screenshot below).
You will get a Disk Cleanup confirmation (See screenshot below)
Click Delete Files, and then click OK.

Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

SPECIAL NOTICE

“CryptoLocker” is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts the files on your computer until you pay a ransom. Some variants encrypt you personal files(MP3s, photos, doc files,ect;). But ither variants encrypy virtually every file, including system files. According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.
Unfortunately, there isn't a way to recover the files short of paying the ransom because the encryption uses 2048-bit RSA keys that would take like a quadrillion years to decrypt.
We haven't seen a lot of the CryptoLocker ransomeware in the wild yet, but if enough people pay the ransom to get their files back it will become more prevelant. You can read more about the CryptoLocker ransomware here

Fortunately there is a program that will help prevent this type of ransomeware and other malware. You should download it and install it now.
Click here to go to the CryptoPrevent web page. You can read about the program. There are also a couple of videos toward the end of the page that show the program in action.
Scroll to the bottom of the page and click the Download "CryptoPrevent Installer" button and download the file to the desktop. Close the browser and all open programs.

Right click the CryptoPreventSetup.exe file and click Run as Administrator and OK ant UAC prompts to install the program.
Next, Right click the Cryptoprevent icon on the desktop and click Run as Administrator and OK any UAC prompt to run the program.

Posted Image

When the program opens make sure all boxes are checked and then click the Block button to apply the protection.

NOTE: I don't think the free version has an update tab so you will need to check the web site from time to time to check for newer versions of the program. Or you can pay a one time fee of $15 and get the Premium Edition which includes an automatic updating function.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:

For Firefox, install the NoScript add-on.
For Chrome, install the Script-No add-on.
NOTE: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Java.
Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to keep Java

Click the Start button
Click Control Panel
Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
Click the Update tab
Click Update Now
Allow any updates to be downloaded and installed

: Keep Adobe Reader Updated :

Open Adobe Reader
Click Help on the menu at the top
Click Check for Updates
Allow any updates to be downloaded and installed

NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.

NoScript - for blocking ads and other potential website attacks
WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

:Install the MVPs Hosts File:

MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

NOTE: Please read all of the information on the MVP Hosts page before you install the HOSTS file. This file may result in some of the web sites you visit not working as expected or not at all. There are work arounds for this but you will need to read about them on the web page. If you install the MVP HOSTS file and decide you don't want it you can replace it with the HOSTS file that you were using before. The web page has directions for this.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========

Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========

TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.

========BACKUPS================

Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
Tweaking.com's Registry Backup - Download the installer for Registry Backup from the link below and save it to the desktop :
Link
Click one of the Download buttons under Installer
A tutorial for Registry Backup explaining the various features can be viewed here

========Keep Installed Programs Up to Date========
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

IF I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:

godawgs

#26
pattyL

Posted 29 January 2014 - 01:43 PM

Member

Topic Starter
Member
35 posts

got it and thanks again!

#27
godawgs

Posted 30 January 2014 - 10:12 AM

Teacher

Retired Staff
8,228 posts

If you need us in the future just give us a shout. :geek:

#28
godawgs

Posted 30 January 2014 - 10:12 AM

Teacher

Retired Staff
8,228 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.