Disk health - "ERROR"

Discussion in 'Virus & Other Malware Removal' started by white_tigress, Feb 18, 2013.

Thread Status:
Not open for further replies.
    white_tigress Thread Starter

    My computer has gotten extremely slow during downloads. It took me an entire day to download a 1/2 hour program and then I was unable to open it. I did a virus scan and found nothing. I ran CCleaner but found no change after.

    I then ran Defraggler and next to Disk Health, it said 'ERROR'.

    Please help me.


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, Intel64 Family 6 Model 15 Stepping 11
    Processor Count: 2
    RAM: 3054 Mb
    Graphics Card: NVIDIA Quadro NVS 140M, 128 Mb
    Hard Drives: C: Total - 95293 MB, Free - 57849 MB;
    Motherboard: LENOVO, 6457W7X
    Antivirus: Trend Micro Titanium Internet Security 2012, Updated: Yes, On-Demand Scanner: Enabled

    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-18 13:39:59
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9100821AS rev.3.CME 93.16GB
    Running: rov5s9g1.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2124] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32076 4 bytes [24, D9, B9, 68]
    .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2124] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37283 4 bytes [74, 4C, 09, 66]
    .text C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2124] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab751a6 4 bytes [20, EF, B9, 68]
    .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076441465 2 bytes [44, 76]
    .text c:\PROGRA~2\mcafee\SITEAD~1\saui.exe[4068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764414bb 2 bytes [44, 76]
    .text ... * 2
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007747f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007747f99b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007747fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007747fa17 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007747fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007747fb2f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007747fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007747fbdf 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007747fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007747fc0f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007747fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007747fc27 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007747fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007747fc3f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007747fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007747fc6f 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007747fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007747fcef 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007747fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007747fd07 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007747fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007747fd53 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007747fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007747fdb7 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007747fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007747fe4b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007747ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007747ff93 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077480099 8 bytes {MOV EDX, 0x90028; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000774800a3 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077480781 8 bytes {MOV EDX, 0x90268; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007748078b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077480ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077481007 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007748105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077481067 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000774810a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000774810af 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007748111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077481127 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077481321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007748132b 1 byte [90]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007634103d 5 bytes JMP 0000000100010030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076341072 5 bytes JMP 0000000100010070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 0000000076a7119f 5 bytes JMP 0000000100020030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 0000000076a711cf 5 bytes JMP 0000000100020070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000075fe4de0 5 bytes JMP 00000001001603b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000075fe4f70 5 bytes JMP 00000001001605f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000075fe51a2 5 bytes JMP 00000001001608f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000075fe522d 5 bytes JMP 0000000100160a30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000075fe5689 5 bytes JMP 00000001001601b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000075fe58b3 5 bytes JMP 0000000100160170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000075fe6bad 5 bytes JMP 0000000100160370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000075fe6e05 5 bytes JMP 0000000100160570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000075fe6ead 5 bytes JMP 0000000100160530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000075fe7180 5 bytes JMP 00000001001606b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000075fe7435 5 bytes JMP 0000000100160770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000075fe7bcc 5 bytes JMP 00000001001600b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000075fe7dc4 5 bytes JMP 00000001001603f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000075fe7fd5 5 bytes JMP 0000000100160d70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000075fe82b2 5 bytes JMP 0000000100160e30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000075fe8401 5 bytes JMP 00000001001609f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000075fe879f 5 bytes JMP 00000001001602f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000075fe8916 5 bytes JMP 00000001001605b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000075fe8b7a 5 bytes JMP 0000000100160970
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000075fe8ee6 5 bytes JMP 0000000100160470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000075fe9875 5 bytes JMP 0000000100160c70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000075fe9936 5 bytes JMP 0000000100160d30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000075fea53a 5 bytes JMP 00000001001609b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000075feaf9f 5 bytes JMP 0000000100160330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!LineTo 0000000075feb9e5 5 bytes JMP 0000000100160430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000075febd55 5 bytes JMP 0000000100160db0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000075fec040 5 bytes JMP 0000000100160130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000075fec107 5 bytes JMP 0000000100160670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000075fec269 5 bytes JMP 00000001001606f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000075fed1f1 5 bytes JMP 0000000100160df0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000075fed349 5 bytes JMP 0000000100160630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000075fedce4 5 bytes JMP 0000000100160930
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000075fee743 5 bytes JMP 00000001001600f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000075ff03b7 5 bytes JMP 00000001001602b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!Escape 0000000075ff1bda 5 bytes JMP 0000000100160270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000075ff1e89 5 bytes JMP 0000000100160cf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000075ff4843 5 bytes JMP 0000000100160b30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000075ff5690 5 bytes JMP 0000000100160b70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!EndPage 0000000075ff6bde 5 bytes JMP 0000000100160230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000075ffe2db 5 bytes JMP 0000000100160ab0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 000000007600940d 5 bytes JMP 0000000100160cb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 000000007600c621 5 bytes JMP 0000000100160bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 000000007600d2b2 5 bytes JMP 0000000100160bf0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 000000007600d919 5 bytes JMP 0000000100160c30
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076013adc 5 bytes JMP 0000000100160030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076013f29 5 bytes JMP 00000001001601f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!StartPage 000000007601401a 5 bytes JMP 0000000100160730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076014c51 5 bytes JMP 00000001001607f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000760153fd 5 bytes JMP 0000000100160830
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076015454 5 bytes JMP 0000000100160af0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000760154af 5 bytes JMP 0000000100160070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076015506 5 bytes JMP 0000000100160a70
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!StrokePath 000000007601573f 5 bytes JMP 00000001001607b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!FillPath 00000000760157d2 5 bytes JMP 0000000100160870
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076015c44 5 bytes JMP 00000001001604f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076015cd5 5 bytes JMP 00000001001604b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076015d87 5 bytes JMP 00000001001608b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000076698c40 5 bytes JMP 0000000100170570
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076699ebd 5 bytes JMP 00000001001702b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000766a0afa 5 bytes JMP 00000001001702f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000766a0c62 7 bytes JMP 00000001001705b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetParent 00000000766a0f68 7 bytes JMP 00000001001706f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!IsWindowVisible 00000000766a112d 7 bytes JMP 00000001001706b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000766a12a5 5 bytes JMP 00000001001705f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!ScreenToClient 00000000766a227d 7 bytes JMP 0000000100170670
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000766a3150 7 bytes JMP 0000000100170630
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!SetCursor 00000000766a41f6 5 bytes JMP 0000000100170530
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 00000000766a68ef 5 bytes JMP 0000000100170270
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 00000000766a77fa 5 bytes JMP 0000000100170230
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetTopWindow 00000000766a7887 7 bytes JMP 0000000100170730
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000766a8676 5 bytes JMP 00000001001700f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000766a8696 5 bytes JMP 0000000100170330
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000766a8e8d 5 bytes JMP 00000001001700b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!OpenClipboard 00000000766a8ecb 5 bytes JMP 0000000100170070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 00000000766ac17b 5 bytes JMP 0000000100170430
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 00000000766ac449 5 bytes JMP 00000001001701b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 00000000766ac468 5 bytes JMP 00000001001703f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 00000000766ac486 5 bytes JMP 00000001001701f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 00000000766ac4b6 5 bytes JMP 00000001001704b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 00000000766ad6c0 5 bytes JMP 00000001001704f0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 00000000766ae360 5 bytes JMP 0000000100170370
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!SetClipboardData 00000000766d8e57 5 bytes JMP 0000000100170170
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000766d9cfd 5 bytes JMP 0000000100170770
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000766d9f1d 5 bytes JMP 0000000100170030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!EmptyClipboard 00000000766f7cb9 5 bytes JMP 0000000100170130
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000766f8111 5 bytes JMP 0000000100170470
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000766f832f 5 bytes JMP 00000001001703b0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\ole32.dll!OleSetClipboard 00000000764b0045 5 bytes JMP 0000000100190030
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000764b36b2 5 bytes JMP 0000000100190070
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe[3500] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000764dfdcd 5 bytes JMP 00000001001900b0
    ? C:\Windows\system32\mssprxy.dll [3352] entry point in ".rdata" section 000000006c3571e6
    .text C:\Users\Owner\Downloads\HijackThis.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076441465 2 bytes [44, 76]
    .text C:\Users\Owner\Downloads\HijackThis.exe[3352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764414bb 2 bytes [44, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\System32\svchost.exe [940:404] 000007fefc30f2f4
    Thread C:\Windows\System32\svchost.exe [940:352] 000007fefc056204
    Thread C:\Windows\System32\svchost.exe [940:1164] 000007fefb142070
    Thread C:\Windows\System32\svchost.exe [940:1188] 000007fefb045428
    Thread C:\Windows\System32\svchost.exe [940:780] 000007fefdbfc608
    Thread C:\Windows\System32\svchost.exe [940:6044] 000007fef5b36b8c
    Thread C:\Windows\System32\svchost.exe [940:6048] 000007fef5b31d88
    Thread C:\Windows\System32\svchost.exe [940:4668] 000007fef9ca5fd0
    Thread C:\Windows\System32\svchost.exe [940:1136] 000007fefb043118
    Thread C:\Windows\system32\svchost.exe [1320:3512] 000007fef3615f1c
    Thread C:\Windows\system32\svchost.exe [1320:5708] 000007fef29d8470
    Thread C:\Windows\system32\svchost.exe [1320:5712] 000007fef29e2418
    Thread C:\Windows\system32\svchost.exe [1320:5844] 000007fef0bcf130
    Thread C:\Windows\system32\svchost.exe [1320:5280] 000007fef0bc4734
    Thread C:\Windows\system32\svchost.exe [1320:4732] 000007fef0bc4734
    Thread C:\Windows\System32\svchost.exe [4280:5492] 000007fef4555170
    Thread C:\Windows\System32\svchost.exe [4280:5180] 000007fef7b99874

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234dee4856
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234dee4856 (not active ControlSet)

    ---- EOF - GMER 2.1 ----

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:21:16 PM, on 2/18/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
    C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe
    C:\Users\Owner\AppData\Local\Workspace\wben.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
    C:\Users\Owner\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    O4 - HKCU\..\Run: [Starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe"
    O4 - HKCU\..\Run: [wben] "C:\Users\Owner\AppData\Local\Workspace\wben.exe"
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: File Backup Service (File Backup) - Starfield Technologies - C:\Program Files (x86)\Workspace\offSyncService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 10784 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.5.1
    Run by Owner at 13:47:47 on 2013-02-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.1522 [GMT -8:00]
    .
    AV: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
    SP: Trend Micro Titanium Internet Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Workspace\offSyncService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
    C:\Users\Owner\AppData\Local\Workspace\workspaceupdate.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Users\Owner\AppData\Local\Workspace\wben.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Users\Owner\Downloads\HijackThis.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.ca/
    mWinlogon: Userinit = userinit.exe
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    uRun: [Starfield Updater] "C:\Users\Owner\AppData\Local\Workspace\WorkspaceUpdate.exe"
    uRun: [wben] "C:\Users\Owner\AppData\Local\Workspace\wben.exe"
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    TCP: NameServer = 64.59.144.17 64.59.150.133
    TCP: Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140} : DHCPNameServer = 64.59.144.17 64.59.150.133
    TCP: Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}\836464142364 : DHCPNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [nwiz] nwiz.exe /install
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=
    FF - prefs.js: browser.search.selectedEngine - Speedbit Search
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]\plugins\npLMI64.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoff.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoff64.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff64.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npwbe.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npwbe64.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-5-18 77184]
    R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-5-18 275912]
    R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-10-5 1181408]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 375728]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-5-18 72216]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-9-13 103472]
    R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-5-18 578264]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2006-12-21 300032]
    R3 LenovoRd;LenovoRd;C:\Windows\System32\drivers\LenovoRd.sys [2009-5-11 118016]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2012-5-18 67344]
    R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2012-5-18 210704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-8-10 155320]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-02-18 06:16:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\PC Utility Kit
    2013-02-18 06:16:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\DriverCure
    2013-02-18 06:16:20 -------- d-----w- C:\Program Files (x86)\Common Files\PC Utility Kit
    2013-02-18 06:16:18 -------- d-----w- C:\ProgramData\PC Utility Kit
    2013-02-18 06:16:18 -------- d-----w- C:\Program Files (x86)\PC Utility Kit
    2013-02-17 01:47:20 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
    2013-02-16 21:34:40 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
    2013-02-16 16:28:02 -------- d-----w- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
    2013-02-16 16:27:07 -------- d-----w- C:\ProgramData\SpeedBit
    2013-02-16 16:27:03 -------- d-----w- C:\Program Files (x86)\DAP
    2013-02-16 16:26:14 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
    2013-02-16 06:23:24 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-02-16 06:22:58 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-02-16 06:22:47 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-02-16 06:22:39 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-02-15 06:54:50 -------- d-----w- C:\Program Files (x86)\MediaCrawler
    2013-02-15 06:48:58 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-15 06:48:58 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 07:07:55 -------- d-----w- C:\Users\Owner\AppData\Roaming\GoforFiles
    2013-02-14 05:29:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2013-02-14 05:29:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
    2013-02-14 05:29:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
    2013-02-14 05:29:56 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2013-02-13 00:55:42 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-13 00:55:41 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-13 00:55:40 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-13 00:55:27 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 00:55:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 00:55:24 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 00:55:23 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 00:55:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 00:55:23 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 00:55:21 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 00:55:17 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 00:55:17 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-12 11:06:52 91264 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-22 05:04:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2013-02-18 20:02:38 17408 ----a-w- C:\Windows\System32\rpcnetp.exe
    2013-02-16 22:30:57 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2013-02-07 23:25:13 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-07 23:25:13 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-12 11:30:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    .
    ============= FINISH: 13:48:12.25 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/17/2012 5:30:19 PM
    System Uptime: 2/18/2013 2:12:06 AM (11 hours ago)
    .
    Motherboard: LENOVO | | 6457W7X
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | None | 2201/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 93 GiB total, 56.484 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP78: 2/16/2013 10:19:47 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Canon Easy-PhotoPrint EX
    Canon Easy-PhotoPrint Pro
    Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    Canon Easy-WebPrint EX
    Canon MG6200 series MP Drivers
    Canon MG6200 series On-screen Manual
    Canon MP Navigator EX 5.0
    Canon My Printer
    Canon Solution Menu EX
    CCleaner
    Defraggler
    Java 7 Update 11
    Java 7 Update 7 (64-bit)
    Java Auto Updater
    JavaFX 2.1.1
    LogMeIn
    McAfee Security Scan Plus
    McAfee SiteAdvisor
    MediaCrawler (remove only)
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA Drivers
    Outlook Setup Tool
    Pandora Service
    PC Utility Kit
    PhotoPad Image Editor
    PhotoStage Slideshow Producer
    Pixillion Image Converter
    PVSonyDll
    QuickTime
    SAMSUNG Intelli-studio
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Sony Ericsson Update Engine
    Sony PC Companion 2.10.136
    StudioTax 2011
    The KMPlayer (remove only)
    ThinkPad Modem
    ThinkPad Power Management Driver
    ThinkPad UltraNav Driver
    Trend Micro Titanium
    Trend Micro Titanium Internet Security 2012
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Watchtower Library 2012 - English
    WinWatermark Photo Edition version v12.11.28
    Workspace Desktop
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2013 9:21:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    2/16/2013 8:29:57 AM, Error: Service Control Manager [7030] - The VideoAcceleratorService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/16/2013 1:38:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    2/16/2013 1:37:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/16/2013 1:37:54 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2799494).
    2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2790655).
    2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2778344).
    2/13/2013 9:48:32 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2797052).
    .
    ==== End Of File ===========================
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello white_tigress,

    Welcome to TSG.

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  3. white_tigress

    white_tigress Thread Starter

    Joined:
    Apr 6, 2011
    Messages:
    65
    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.19.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]

    Protection: Enabled

    2/19/2013 10:03:59 AM
    mbam-log-2013-02-19 (10-03-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225292
    Time elapsed: 2 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Owner\Downloads\Super_Callanetics_-_4._Csipogyakorlatok.rar.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

    (end)
     
  4. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello white_tigress,

    Bit to do in this post.;)

    Download RogueKiller to your desktop

    Note: This is a French tool so don't be surprised when you find the page displays with some French.

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • Click on Scan
    • Wait for the scan to finish.
    • The report is created on your desktop.
    • Click on the Delete button
    • The report is created on your desktop.
    • Next click on the ShortcutsFix button.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

    Next

    Please download AdwCleaner from here to your desktop
    • Click on the green downward facing arrow on the right to commence download.
    • Run AdwCleaner and select Delete

    Once done it will ask to reboot, allow this.

    On reboot a log will be produced please post that back here.

    Finally in this post

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
     
  5. white_tigress

    white_tigress Thread Starter

    Joined:
    Apr 6, 2011
    Messages:
    65
    I apologize for the late response but my computer friend took my laptop and checked it out...he found nothing. I still have all the same problems so I'm coming back to you. Thank you so much for your help.


    RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 03/10/2013 21:09:44
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9100821AS ATA Device +++++
    --- User ---
    [MBR] c3adc58aca47cc408af11e5fe4d973b6
    [BSP] f763384531b3da4ec5b64d6abb1c58af : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 95294 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_03102013_02d2109.txt >>
    RKreport[1]_S_03102013_02d2109.txt

    RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 03/10/2013 21:11:06
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST9100821AS ATA Device +++++
    --- User ---
    [MBR] c3adc58aca47cc408af11e5fe4d973b6
    [BSP] f763384531b3da4ec5b64d6abb1c58af : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 95294 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_03102013_02d2111.txt >>
    RKreport[1]_S_03102013_02d2109.txt ; RKreport[2]_D_03102013_02d2111.txt

    RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Shortcuts HJfix -- Date : 03/10/2013 21:14:00
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 16 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 99 / Fail 0
    My documents: Success 3 / Fail 3
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 2 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 85 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    Finished : << RKreport[3]_SC_03102013_02d2114.txt >>
    RKreport[1]_S_03102013_02d2109.txt ; RKreport[2]_D_03102013_02d2111.txt ; RKreport[3]_SC_03102013_02d2114.txt

    # AdwCleaner v2.114 - Logfile created 03/10/2013 at 21:21:31
    # Updated 05/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Owner\Downloads\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\searchplugins\speedbit.xml
    Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\Speedbit
    Folder Deleted : C:\ProgramData\Tarma Installer
    ***** [Registry] *****
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\SpeedBit
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16464
    [OK] Registry is clean.
    -\\ Mozilla Firefox v [Unable to get version]
    File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\prefs.js
    C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\user.js ... Deleted !
    Deleted : user_pref("browser.search.defaultenginename", "Speedbit Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=");
    Deleted : user_pref("browser.search.order.1", "Speedbit Search");
    Deleted : user_pref("browser.search.selectedEngine", "Speedbit Search");
    Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://search.speedbit.com/?s=D2Gb");
    Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7Bada4b710-8346-4b82-8199[...]
    Deleted : user_pref("extensions.toolbar.mindspark._14Members_.homepage", "hxxp://h.results.ask.com/home/index.[...]
    Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
    Deleted : user_pref("extentions.y2layers.installId", "89f07903-1761-42a2-b27a-37ce3a655281");
    Deleted : user_pref("keyword.URL", "hxxp://search.speedbit.com/search.aspx?s=D2Gb&q=");
    *************************
    AdwCleaner[S1].txt - [4597 octets] - [10/03/2013 21:21:31]
    ########## EOF - C:\AdwCleaner[S1].txt - [4657 octets] ##########

    OTL logfile created on: 3/10/2013 9:33:47 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.98 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.27% Memory free
    5.96 Gb Paging File | 2.45 Gb Available in Paging File | 41.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 93.06 Gb Total Space | 51.05 Gb Free Space | 54.86% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    PRC - C:\Program Files (x86)\ASCOMP Software\BackUp Maker\bkmaker.exe (ASCOMP Software GmbH)
    PRC - C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
    SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
    SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
    SRV - (File Backup) -- C:\Program Files (x86)\Workspace\offSyncService.exe (Starfield Technologies)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
    DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
    DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
    DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
    DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
    DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
    DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
    DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
    DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
    DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
    DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGm...21819&st=sb&n=77ee8adb&searchfor={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E B2 75 B7 8D 34 CD 01 [binary data]
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGm...21819&st=sb&n=77ee8adb&searchfor={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
    FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
    FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
    FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension

    [2012/11/12 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2012/11/12 22:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2013/03/07 00:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions
    [2012/11/15 19:39:11 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
    [2012/10/06 08:03:45 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
    [2013/02/07 14:30:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
    [2012/12/19 11:49:34 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
    [2012/09/09 21:11:30 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
    [2013/03/07 00:17:49 | 000,021,489 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
    [2013/02/13 23:28:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/11/12 22:46:55 | 000,000,000 | ---D | M] (Workspace Email Zoom) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
    [2012/09/13 12:20:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.17 64.59.150.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55BE79D-937C-4F91-9217-60F73F7CF140}: DhcpNameServer = 64.59.144.17 64.59.150.133
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell - "" = AutoRun
    O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell\AutoRun\command - "" = E:\iStudio.exe
    O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell - "" = AutoRun
    O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell\AutoRun\command - "" = E:\Startme.exe
    O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/10 21:08:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
    [2013/03/10 09:12:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Backup
    [2013/03/10 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
    [2013/03/10 09:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOMP Software
    [2013/03/10 09:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software
    [2013/03/09 23:47:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\SyncFolder
    [2013/03/09 23:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
    [2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
    [2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
    [2013/03/08 00:05:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
    [2013/03/05 10:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
    [2013/03/04 22:50:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Usenet.nl
    [2013/03/04 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate_files
    [2013/03/04 19:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/02/26 11:07:49 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/02/26 11:07:49 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/02/26 11:07:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/02/26 11:07:49 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/02/26 11:07:38 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/02/26 11:07:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/26 11:07:30 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/26 11:07:30 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/26 11:07:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/26 11:07:30 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/02/26 11:07:29 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/02/26 11:07:29 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/02/26 11:07:29 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/02/26 11:07:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/26 11:07:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/02/26 11:07:28 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/02/26 11:07:28 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/26 11:07:28 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/26 11:07:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/26 11:07:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/02/26 11:07:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/02/26 11:07:27 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/02/26 11:07:27 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/02/26 11:07:27 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/02/26 11:07:27 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/02/26 11:07:27 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/02/26 11:07:27 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/02/26 11:07:26 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/02/26 11:07:26 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/02/26 11:07:26 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/02/26 11:07:26 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/02/26 11:00:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2013/02/26 11:00:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2013/02/26 11:00:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2013/02/26 11:00:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
    [2013/02/26 11:00:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2013/02/26 11:00:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2013/02/26 11:00:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2013/02/26 11:00:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2013/02/26 11:00:28 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2013/02/26 11:00:28 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2013/02/26 11:00:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2013/02/26 11:00:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2013/02/26 11:00:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2013/02/26 11:00:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2013/02/26 11:00:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2013/02/26 11:00:28 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2013/02/26 11:00:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2013/02/26 11:00:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2013/02/26 11:00:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2013/02/26 11:00:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2013/02/26 11:00:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2013/02/26 11:00:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2013/02/26 11:00:27 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2013/02/26 11:00:27 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2013/02/26 10:55:58 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAU.DLL
    [2013/02/26 10:54:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2013/02/26 10:54:22 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2013/02/26 10:54:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/02/25 16:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/25 16:19:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2013/02/25 16:19:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
    [2013/02/25 10:44:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/02/19 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2013/02/19 11:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/19 11:02:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
    [2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
    [2013/02/17 23:16:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2013/02/17 23:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Utility Kit
    [2013/02/16 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
    [2013/02/16 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
    [2013/02/16 09:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/02/16 09:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP
    [2013/02/14 23:59:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Facial_Exercise
    [2013/02/14 23:54:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCrawler
    [2013/02/14 23:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaCrawler
    [2013/02/14 00:07:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\GoforFiles
    [2013/02/13 22:30:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/02/13 22:30:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/02/13 22:30:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/02/13 22:30:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/02/13 22:30:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/02/13 22:30:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/02/13 22:30:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/02/13 22:30:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/02/13 22:30:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/13 22:30:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/02/13 22:30:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/02/13 22:30:03 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/13 22:30:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/13 22:30:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/13 22:30:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/02/12 17:55:42 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/12 17:55:41 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/02/12 17:55:40 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/02/12 17:55:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013/02/12 17:55:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/02/12 17:55:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/02/12 17:55:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/02/12 17:55:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/02/12 17:55:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/02/12 17:55:17 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
    [2013/02/11 14:03:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\3D
    [1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/10 21:37:14 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/10 21:37:14 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/10 21:25:36 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2013/03/10 21:25:34 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2013/03/10 21:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/10 21:25:17 | 2401,996,800 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/10 21:07:34 | 000,000,231 | ---- | M] () -- C:\Users\Owner\Desktop\Disk health - ERROR - Tech Support Guy Forums.url
    [2013/03/10 20:43:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/10 20:43:03 | 000,741,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/10 20:43:03 | 000,635,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/10 20:43:03 | 000,110,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/10 09:25:46 | 000,320,075 | ---- | M] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
    [2013/03/10 09:02:51 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\BackUp Maker.lnk
    [2013/03/10 00:56:45 | 396,695,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/03/09 23:32:14 | 000,000,071 | R-S- | M] () -- C:\ProgramData\3002.xml
    [2013/03/08 23:40:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
    [2013/03/08 23:40:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
    [2013/03/08 23:17:26 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    [2013/03/08 14:55:32 | 000,147,456 | ---- | M] () -- C:\Users\Owner\Desktop\liberte.pdf
    [2013/03/07 23:55:45 | 000,000,258 | R-S- | M] () -- C:\ProgramData\ntuser.pol
    [2013/03/06 20:05:36 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
    [2013/03/05 10:28:21 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
    [2013/03/04 21:16:43 | 000,062,940 | ---- | M] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
    [2013/02/26 20:25:13 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/26 20:25:13 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/26 18:17:23 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2013/02/26 18:17:08 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2013/02/16 14:34:42 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
    [2013/02/15 22:50:13 | 000,001,340 | ---- | M] () -- C:\Users\Owner\Desktop\Watchtower Library 2012 - English.lnk
    [2013/02/15 22:27:08 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/14 23:54:53 | 000,001,059 | ---- | M] () -- C:\Users\Owner\Desktop\MediaCrawler.lnk
    [2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
    [1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/10 21:07:33 | 000,000,231 | ---- | C] () -- C:\Users\Owner\Desktop\Disk health - ERROR - Tech Support Guy Forums.url
    [2013/03/10 09:25:44 | 000,320,075 | ---- | C] () -- C:\Users\Owner\Desktop\100-best-freeware.zip
    [2013/03/10 09:02:51 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\BackUp Maker.lnk
    [2013/03/10 00:56:45 | 396,695,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/03/08 23:40:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
    [2013/03/08 23:40:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
    [2013/03/08 14:54:53 | 000,147,456 | ---- | C] () -- C:\Users\Owner\Desktop\liberte.pdf
    [2013/03/05 10:28:21 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
    [2013/03/05 10:28:21 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
    [2013/03/04 21:16:41 | 000,062,940 | ---- | C] () -- C:\Users\Owner\Desktop\My Favorite Items - My DHgate.htm
    [2013/02/16 14:34:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2013/02/15 22:50:13 | 000,001,340 | ---- | C] () -- C:\Users\Owner\Desktop\Watchtower Library 2012 - English.lnk
    [2013/02/14 23:54:53 | 000,001,059 | ---- | C] () -- C:\Users\Owner\Desktop\MediaCrawler.lnk
    [2013/02/12 04:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
    [2012/12/20 00:01:21 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.sys.ini
    [2012/08/23 23:10:35 | 000,000,071 | R-S- | C] () -- C:\ProgramData\3002.xml
    [2012/06/06 01:32:02 | 000,011,904 | R-S- | C] () -- C:\ProgramData\3002.abs
    [2012/05/18 10:29:11 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
    [2012/05/17 17:48:18 | 001,514,016 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
    [2012/05/17 17:48:18 | 001,108,512 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
    [2012/05/17 17:24:51 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2012/05/17 17:23:58 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

    ========== ZeroAccess Check ==========

    [2012/11/10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/10 09:03:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ASCOMP Software
    [2012/07/03 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
    [2013/02/17 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2013/02/16 09:28:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EQATEC Analytics
    [2013/02/14 00:08:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GoforFiles
    [2013/02/17 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
    [2012/05/23 11:43:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Watchtower
    [2012/12/20 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinWatermark

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:56E2E879
    < End of report >

    OTL Extras logfile created on: 3/10/2013 9:33:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.98 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.27% Memory free
    5.96 Gb Paging File | 2.45 Gb Available in Paging File | 41.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 93.06 Gb Total Space | 51.05 Gb Free Space | 54.86% Space Free | Partition Type: NTFS

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0068F697-1F6D-477F-8165-EC4902F061B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1DE6629C-4245-436F-8E40-55CD72BEDF82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2039B9F2-B7EA-4789-A401-9D41C3D01D52}" = rport=445 | protocol=6 | dir=out | app=system |
    "{24880FB7-FAD8-4F12-B2DA-B9ABE108EDE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{32481833-0A08-45F3-A2A9-4A0E2B87C423}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3BC55205-3421-4A8B-88D5-02A8D5386FDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{58BFF370-F08F-4AE8-9DEC-7CB64B93D57C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{59ED4C1A-C979-4813-9581-4E830A691288}" = lport=137 | protocol=17 | dir=in | app=system |
    "{60C16DB5-E9F9-4207-BA12-030B44B0E747}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6BD3B785-7A12-4746-BD97-60C2A718BB58}" = rport=139 | protocol=6 | dir=out | app=system |
    "{70F8D121-2C2F-4D3B-9C73-7154DBEC4AC7}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{74486334-0BFE-45AD-9AEE-FC9B5836056C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{81B5CB4E-6839-45BB-969D-0889D4AC651F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{86D620DB-D1FC-40C6-834F-9E4EFA46E915}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{950A17F9-667D-44E3-9FC4-14785087E765}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9F4EE2E7-A7ED-4486-A400-CA722AF68CDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BF0F0B39-291A-4969-9520-EAB6F4310AE8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CB9914AB-9D09-4606-9C72-5DD0ADCED7BA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{CF040E1D-B457-45A9-87A1-913D19EE8FB5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{CFE3A26C-0575-45E3-8FB8-1BC39C72DE20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{D0965798-B6C7-445F-8F51-1D4FFFA87859}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EC00B931-B6C9-4B65-AEDB-FD26747AE9FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FA56E5D6-00CB-46A2-8CA5-287FBC8A684F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FEDD7667-117F-4613-8B89-4EE1A4227D0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01463756-5E93-4441-A16D-1717614D16B9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1973A64C-C5DC-4182-9753-50B71E5E83E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1D374C05-2E8F-4188-8E0F-21F81E831CD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{202F9D7B-63BC-4BDA-9363-081C4FA7D868}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{21F85D81-F50C-4FBC-82B6-B61BB788CF0A}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{28F45FE8-4E61-4333-A782-585CAFF0F8B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{35923AF9-6273-4202-82C6-1D98D5A14232}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{447033C6-60FE-42DA-8160-0AB2888EBD93}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4D648C8B-C8B0-4D55-97C6-82C7AFEC7DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5124D4D7-7168-4FFE-AD56-58FB789C6970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{52ADD9F3-D0C7-462A-AE43-F554AD8BBDC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{56130748-C7AA-4230-A695-313F2D09EE27}" = protocol=1 | dir=out | [email protected],-28544 |
    "{5B8D4318-8714-4AE1-B808-E59781ADC090}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6040DF2F-1370-4691-BEF3-651D8DEB88CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{61A5F57E-4021-4044-A2A2-C17953746A60}" = protocol=58 | dir=out | [email protected],-28546 |
    "{6485024A-5785-4F85-8563-F97DE8C360C9}" = protocol=1 | dir=in | [email protected],-28543 |
    "{8AAAC348-A21E-4B15-A297-57DAC6B534AC}" = protocol=6 | dir=out | app=system |
    "{91BB3225-D7F0-4404-83CE-9DE1B598C644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF1CBBF3-C273-4B9E-A377-C6938F1E8B62}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B484E5A4-D930-4430-AD4F-C684DB081B64}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C1CF7B14-84A5-4188-B719-175CCCF07DB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CB63DC7D-48A3-4B9E-98B1-305F1BF929E0}" = protocol=58 | dir=in | [email protected],-28545 |
    "{D4BED26E-319C-48A2-8153-5E8552E97EB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D94941CD-A3EE-4793-8B21-69B3F571972C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E0769B21-00A0-487A-AEF6-85EAE60B5DC3}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{F93AC200-A434-4947-9D17-377B752DF901}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{3E0D9788-5BFF-4D16-9808-4110CABB35C1}C:\program files (x86)\mediacrawler\mediacrawler.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediacrawler\mediacrawler.exe |
    "TCP Query User{5D9CA340-5D9B-43FB-94F7-5E066B7B903C}C:\program files (x86)\winwatermark photo edition\winwatermark.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winwatermark photo edition\winwatermark.exe |
    "TCP Query User{94A4012D-6942-4B67-86E1-13CFA8126CA0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{094F9BDD-6DCC-4918-B42B-2DC870F0BF49}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{1828CCFB-1D67-4B6D-8AB7-5BD81D5E762C}C:\program files (x86)\mediacrawler\mediacrawler.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediacrawler\mediacrawler.exe |
    "UDP Query User{70FB1289-F259-4738-85CE-7B2FE48772A9}C:\program files (x86)\winwatermark photo edition\winwatermark.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winwatermark photo edition\winwatermark.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{5E4ADF05-F045-4F82-9E98-422B2FCB944C}" = StudioTax 2011
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Power Management Driver" = Lenovo Power Management Driver
    "SynTPDeinstKey" = ThinkPad UltraNav Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}" = Watchtower Library 2012 - English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
    "{2D348C22-692B-4933-82DE-E4FEB5A7A591}_is1" = WinWatermark Photo Edition version v12.11.28
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BackUp Maker_is1" = BackUp Maker
    "Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
    "Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
    "Canon MG6200 series On-screen Manual" = Canon MG6200 series On-screen Manual
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ExpressBurn" = Express Burn
    "Intelli-studio" = SAMSUNG Intelli-studio
    "MediaCrawler" = MediaCrawler (remove only)
    "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
    "outlookset" = Outlook Setup Tool
    "PhotoPad" = PhotoPad Image Editor
    "PhotoStage" = PhotoStage Slideshow Producer
    "Pixillion" = Pixillion Image Converter
    "PROR" = Microsoft Office Professional 2007
    "The KMPlayer" = The KMPlayer (remove only)
    "Update Engine" = Sony Ericsson Update Engine

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "workspacedesktop" = Workspace Desktop

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/10/2013 4:06:18 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 33618

    Error - 3/10/2013 4:06:18 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 33618

    Error - 3/10/2013 4:06:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/10/2013 4:06:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 49467

    Error - 3/10/2013 4:06:34 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 49467

    Error - 3/10/2013 4:06:50 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/10/2013 4:06:50 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 65068

    Error - 3/10/2013 4:06:50 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 65068

    Error - 3/10/2013 11:58:24 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: bac Start
    Time: 01ce1da688c5fcde Termination Time: 3500 Application Path: C:\Program Files
    (x86)\Internet Explorer\iexplore.exe Report Id:

    Error - 3/11/2013 12:27:05 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 2/25/2013 8:53:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 8:56:45 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
    Description =

    Error - 2/25/2013 8:58:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 8:58:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 8:58:15 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 9:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 9:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 9:00:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/25/2013 9:02:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
    Description = The Windows Search service terminated with service-specific error
    %%-1073473535.

    Error - 2/25/2013 9:02:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Search service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 30000 milliseconds:
    Restart the service.


    < End of report >
     
  6. white_tigress

    white_tigress Thread Starter

    Forgot to add that my computer freezes regularly whether I'm using Firefox or Explorer. I made a fresh post the other day describing all my problems and what I've done. Since my computer is acting up it would be easier if you looked up that post instead of me trying to rewrite as my puter will prob freeze again soon.
     
  7. emeraldnzl

    emeraldnzl Malware Specialist

    Hello again white_tigress,

    I see Spybot Search and Destroy items there. Please uninstall it as it will likely get in the way of our tools. You can reinstall it later if you want. I also see some items related to AVG although I don't see it running. Please also uninstall any AVG items you have until we are finished.

    Now

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about_:SecurityRisk
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about_:SecurityRisk
      IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E B2 75 B7 8D 34 CD 01  [binary data]
      IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
      FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
      FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
      FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
      FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Owner\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
      [2013/03/07 00:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions
      [2012/11/15 19:39:11 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
      [2012/10/06 08:03:45 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
      [2013/02/07 14:30:13 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
      [2012/12/19 11:49:34 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
      [2012/09/09 21:11:30 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
      [2013/03/07 00:17:49 | 000,021,489 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
      [2013/02/13 23:28:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/11/12 22:46:55 | 000,000,000 | ---D | M] (Workspace Email Zoom) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
      [2012/09/13 12:20:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
      O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell - "" = AutoRun
      O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell\AutoRun\command - "" = E:\iStudio.exe
      O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell - "" = AutoRun
      O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell\AutoRun\command - "" = E:\Startme.exe
      O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
      O34 - HKLM BootExecute: (autocheck autochk *)
      [2013/03/09 23:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
      [2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
      [1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
      
      :Files
      c:\program files (x86)\mediacrawler
      ipconfig /flushdns /c
      
      :Commands
      [resethosts]
      [emptytemp]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
    After that

    Please download the latest version of TDSSKiller from here and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Put a checkmark beside loaded modules.
    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.
    • Click the Start Scan button.
    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    When you return please post
    • OTL fix txt
    • log.txt from TDSSKiller
     
  8. white_tigress

    white_tigress Thread Starter

    I tried to find any AVG and Spybot items left but I couldn't. I deleted them and can't find them now. When I tried to run the OTL as told, it kept freezing and not responding. Should I try doing the rest of the tasks and leave OTL for now? My computer is fixable, right?
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Try running it in Safe Mode. If that doesn't work, move on to the next actions.:)

    How to boot into Safe Mode:

    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.
     
  10. white_tigress

    white_tigress Thread Starter

    Ok, computer wouldn't allow anything to happen in safe mode. OTL wouldn't work and it took forever but I got your report from TDSSKILLER.

    16:17:09.0536 1268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    16:17:10.0799 1268 ============================================================
    16:17:10.0799 1268 Current date / time: 2013/03/11 16:17:10.0799
    16:17:10.0799 1268 SystemInfo:
    16:17:10.0799 1268
    16:17:10.0799 1268 OS Version: 6.1.7601 ServicePack: 1.0
    16:17:10.0799 1268 Product type: Workstation
    16:17:10.0799 1268 ComputerName: OWNER-PC
    16:17:10.0799 1268 UserName: Owner
    16:17:10.0799 1268 Windows directory: C:\Windows
    16:17:10.0799 1268 System windows directory: C:\Windows
    16:17:10.0799 1268 Running under WOW64
    16:17:10.0799 1268 Processor architecture: Intel x64
    16:17:10.0799 1268 Number of processors: 2
    16:17:10.0799 1268 Page size: 0x1000
    16:17:10.0799 1268 Boot type: Normal boot
    16:17:10.0799 1268 ============================================================
    16:17:19.0332 1268 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
    16:17:19.0379 1268 ============================================================
    16:17:19.0379 1268 \Device\Harddisk0\DR0:
    16:17:19.0379 1268 MBR partitions:
    16:17:19.0379 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:17:19.0379 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBA1F000
    16:17:19.0379 1268 ============================================================
    16:17:19.0442 1268 C: <-> \Device\Harddisk0\DR0\Partition2
    16:17:19.0520 1268 ============================================================
    16:17:19.0520 1268 Initialize success
    16:17:19.0520 1268 ============================================================
    16:17:55.0119 3936 Deinitialize success
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Hello white_tigress,

    Please download ComboFix from this location:

    Link

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal.
    • ComboFix may reboot your machine. This is normal too.

    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  12. white_tigress

    white_tigress Thread Starter

    I'm getting a message about security and shut down now too. I didn't write it down and don't remember what it said, sorry. Computer is still in really bad shape but I have faith in you!

    ComboFix 13-03-12.02 - Owner 03/12/2013 18:23:21.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3054.358 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\3002.abs
    c:\programdata\3002.xml
    c:\users\Owner\Documents\~WRL0003.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-13 01:33 . 2013-03-13 01:33 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2013-03-13 01:33 . 2013-03-13 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-13 00:32 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-03-13 00:32 . 2012-10-23 14:04 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{441E5F62-6218-4D00-B8F5-384E3B470FDA}\gapaengine.dll
    2013-03-13 00:15 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDD4B7FD-EFBF-4CED-934D-52BBC56AD64A}\mpengine.dll
    2013-03-12 00:19 . 2013-02-17 08:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2013-03-12 00:18 . 2013-03-12 00:19 -------- d--h--w- c:\windows\msdownld.tmp
    2013-03-12 00:09 . 2013-03-12 00:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-03-11 23:45 . 2012-10-23 14:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5135F7-C770-4DB7-913E-C50B2130A305}\gapaengine.dll
    2013-03-11 23:39 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-11 23:37 . 2013-03-11 23:37 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-03-11 23:37 . 2013-03-11 23:38 -------- d-----w- c:\program files\Microsoft Security Client
    2013-03-11 23:07 . 2013-03-11 23:07 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
    2013-03-11 22:16 . 2013-03-11 22:16 -------- d-----w- C:\_OTL
    2013-03-10 16:03 . 2013-03-10 16:03 -------- d-----w- c:\users\Owner\AppData\Roaming\ASCOMP Software
    2013-03-10 16:02 . 2013-03-10 16:02 -------- d-----w- c:\program files (x86)\ASCOMP Software
    2013-03-10 06:47 . 2013-03-10 06:47 -------- d-----w- c:\users\Owner\SyncFolder
    2013-03-10 06:46 . 2013-03-10 16:29 -------- d-----w- c:\program files (x86)\JustCloud
    2013-03-08 21:22 . 2013-02-19 11:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3CBC8F1-22F0-46A9-B2EA-063120353B72}\mpengine.dll
    2013-03-08 07:05 . 2013-03-08 07:23 -------- d-----w- c:\programdata\MFAData
    2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\MFAData
    2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\users\Owner\AppData\Local\Avg2013
    2013-03-08 07:05 . 2013-03-08 07:05 -------- d-----w- c:\programdata\Common Files
    2013-02-26 18:00 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
    2013-02-26 17:55 . 2012-03-14 13:00 385024 ----a-w- c:\windows\system32\CNMLMAU.DLL
    2013-02-26 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-02-26 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-02-26 17:54 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-02-26 17:54 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-02-26 17:54 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-02-26 17:54 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-02-26 17:54 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-02-26 17:54 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-02-26 17:54 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-02-25 23:19 . 2013-02-26 00:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-02-25 23:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2013-02-25 23:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
    2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
    2013-02-19 18:03 . 2013-02-25 23:18 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-19 18:02 . 2013-02-19 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Programs
    2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Utility Kit
    2013-02-18 06:16 . 2013-02-18 06:16 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
    2013-02-18 06:16 . 2013-02-19 01:51 -------- d-----w- c:\programdata\PC Utility Kit
    2013-02-16 21:34 . 2013-02-16 21:34 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2013-02-16 16:28 . 2013-02-16 16:28 -------- d-----w- c:\users\Owner\AppData\Roaming\EQATEC Analytics
    2013-02-16 16:27 . 2013-02-16 21:36 -------- d-----w- c:\program files (x86)\DAP
    2013-02-16 06:23 . 2013-02-16 06:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2013-02-16 06:22 . 2013-02-16 06:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-02-16 06:22 . 2013-02-16 06:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-02-16 06:22 . 2013-02-16 06:22 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-02-15 06:54 . 2013-02-15 06:54 -------- d-----w- c:\program files (x86)\MediaCrawler
    2013-02-14 07:07 . 2013-02-14 07:08 -------- d-----w- c:\users\Owner\AppData\Roaming\GoforFiles
    2013-02-13 00:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-13 00:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-13 00:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-13 00:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 00:55 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 00:55 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 00:55 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 00:55 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 00:55 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 00:55 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 00:55 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 00:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-12 11:06 . 2013-02-12 11:06 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-13 00:26 . 2012-05-18 17:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-13 00:26 . 2012-05-18 17:39 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 00:08 . 2012-05-18 00:23 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2013-03-12 00:24 . 2012-05-18 00:37 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2013-03-07 03:05 . 2012-05-18 00:37 69792 ------w- c:\windows\SysWow64\rpcnet.exe
    2013-02-27 01:17 . 2012-05-18 00:24 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2013-02-27 01:17 . 2012-05-18 00:23 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2013-02-14 05:37 . 2012-05-18 10:03 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-12 11:30 . 2013-01-16 22:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-04 04:43 . 2013-02-13 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-19 1314816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-15 14448]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-05 155824]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1255736]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2013-01-25 1181408]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-10 375728]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
    S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
    @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
    @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
    2012-11-13 05:51 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2009-08-27 1712672]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-06 16336488]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 64.59.144.17 64.59.150.133
    DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-35808286.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-03-12 18:37:35
    ComboFix-quarantined-files.txt 2013-03-13 01:37
    .
    Pre-Run: 53,010,624,512 bytes free
    Post-Run: 52,776,267,776 bytes free
    .
    - - End Of File - - 4B98AB6166D09C43830859349D510E71
     
  13. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello white_tigress,

    Do you use the File Backup Service of Starfield Technologies or Just Cloud? Tell me when you return.

    For now

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
      IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://s.results.ask.com/search/GGmain.jhtml?p2=^YK^xdm014^S03853^ca&si=CPWrtufMo7QCFad_QgodqG0AvQ&ptb=D0A9A8F7-2921-40AF-ADF4-E92D10BAFD89&psa=&ind=2012121819&st=sb&n=77ee8adb&searchfor={searchTerms}
      
      [2013/03/07 00:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions
      [2013/03/07 00:17:49 | 000,021,489 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\[email protected]
      [2013/02/13 23:28:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mdnjokp5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
      [2012/09/13 12:20:20 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
      O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell - "" = AutoRun
      O33 - MountPoints2\{579351ad-138d-11e2-bcb2-00234dee4856}\Shell\AutoRun\command - "" = E:\iStudio.exe
      O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell - "" = AutoRun
      O33 - MountPoints2\{5cdde997-dda8-11e1-8e21-00234dee4856}\Shell\AutoRun\command - "" = E:\Startme.exe
      O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
      O34 - HKLM BootExecute: (autocheck autochk *)
      [2013/02/12 04:06:52 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
      [1 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
      
      :Files
      c:\program files (x86)\mediacrawler
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
     
  14. white_tigress

    white_tigress Thread Starter

    Joined:
    Apr 6, 2011
    Messages:
    65
    OTL keeps not responding. I started Task Manager and closed all unnecessary programs that were running. Weird, but that TDSKiller (I know I got it wrong) was still running. Anyways, OTL still won't respond. I don't know who makes my backup program but it's called Backup Maker. Google isn't loading either. Is my computer getting worse? I have Logmein, do you fix computers that way? Please don't give up on me. I have no way of getting another laptop and I need this one badly for work, which is obviously not getting done now.
     
  15. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Please reboot your computer to stop that. You may need to pull the power plug and restart. That likely would have got in the way of the OTL fix but we will revisit that later.

    I do see Backup Maker there and I also see File Backup Service of Starfield Technologies and Just Cloud. These programs have caused problems on some computers. Starfield Technologies should be okay but I have seen some complaints about it too.

    What would be good would be to see if removing Backup Maker (it may not be related to Starfield Technologies and Just Cloud... we will see) helps fix your machine's problems.

    Firstly, see if you can uninstall Backup Maker, you can always reinstall it later if you want to.

    Also there is a program called mediacrawler showing on your machine. In some quarters that is seen as foistware. I have included it below for removal, if you don't want it removed tell me, otherwise go ahead with the instruction.

    Now

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    KillAll::
    
    Folder::
    c:\program files (x86)\mediacrawler
    C:\Program Files (x86)\JustCloud
    
    Reboot::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
     
Short URL to this thread: https://techguy.org/1090087
