Root kit or virus?

Using Windows 7 and Avast IS. To the best of my knowledge most software is up-to-date.

I clicked on a link in an email message from a reliable source (CNET). When the link opened a webpage I received 4 warnings from Avast that a potentially dangerous script had been blocked. However, it appears the scripts were not actually blocked. I now have a corrupted system that I have removed from the network.

From the FileSystemShield.txt file there are entries referring to JS:Downloader-AIF and JS:Iframe-YX.

Symptoms I experience:

  • Windows 7 is reporting it is not genuine; attempts to re-register have been unsuccessful
  • Avast has been disabled; I cannot turn it on. When I boot to safe mode Avast will run but will not attempt any scans. I cannot schedule a boot time scan.
  • The USB ports no longer recognize any devices; I cannot boot from USB because the system does not recognize the USB ports
  • The CD-ROM is not recognized; it doesn’t see any CDs and is not recognized at boot time. Although I can reconfigure the BIOS to boot from CD-ROM, the device does not spin up.

Brian

Are you able to run this programme?

Download OTL to your Desktop
Secondary link

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

  • Select All Users
  • Under the Custom Scan box paste this in:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Ran OTL; logs as follows: (? posts?)

OTL.txt
OTL logfile created on: 07/05/2013 7:56:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bunnb1\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 69.91% Memory free
15.98 Gb Paging File | 13.29 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.03 Gb Total Space | 21.23 Gb Free Space | 19.84% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 75.76 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 216.83 Gb Free Space | 23.28% Space Free | Partition Type: NTFS
Drive K: | 100.00 Mb Total Space | 70.11 Mb Free Space | 70.12% Space Free | Partition Type: NTFS

Computer Name: BUNNB1-I5 | User Name: bunnb1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/07 07:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\bunnb1\Desktop\OTL.exe
PRC - [2013/04/23 07:54:18 | 012,491,104 | ---- | M] (SugarSync, Inc.) – C:\Program Files (x86)\SugarSync\SugarSync.exe
PRC - [2013/03/19 09:20:27 | 000,256,600 | ---- | M] (Microsoft Corporation) – C:\Users\bunnb1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/03/12 01:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) – C:\Users\bunnb1\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/06 17:32:44 | 004,767,304 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 17:32:42 | 000,136,912 | ---- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/02/05 09:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) – C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) – C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/11/16 20:02:48 | 000,443,760 | ---- | M] (AnchorFree Inc.) – C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2012/11/15 15:49:54 | 001,271,152 | ---- | M] (AnchorFree Inc.) – C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/11/15 13:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) – C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/11/14 21:03:24 | 000,389,488 | ---- | M] () – C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/10/29 19:51:29 | 003,696,632 | ---- | M] (Acronis) – C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/09/19 22:02:24 | 000,363,752 | ---- | M] (BillP Studios) – C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) – C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) – C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/09/19 21:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) – C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) – C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/08/23 01:09:34 | 000,403,328 | ---- | M] (Acronis) – C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012/08/23 01:08:50 | 006,010,264 | ---- | M] (Acronis) – C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) – C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/07/24 15:13:58 | 000,941,440 | ---- | M] (Acronis) – C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012/07/10 12:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) – C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) – C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/03/07 15:33:00 | 001,122,848 | ---- | M] (Xmarks.com) – C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe
PRC - [2012/01/31 13:36:52 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) – C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/11/13 23:36:08 | 000,354,416 | ---- | M] (VMware, Inc.) – C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/11/13 23:36:06 | 000,433,264 | ---- | M] (VMware, Inc.) – C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/11/13 23:35:56 | 000,103,536 | ---- | M] (VMware, Inc.) – C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/11/13 22:55:18 | 011,839,488 | ---- | M] () – C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) – C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) – D:\Program Files (x86)\Adobe\Photoshop Elements 10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/30 13:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) – C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/07/14 12:40:28 | 000,029,552 | ---- | M] (Gladinet, INC) – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
PRC - [2011/07/14 12:30:16 | 002,586,480 | ---- | M] (Gladinet, INC) – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
PRC - [2011/07/01 01:07:24 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) – C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
PRC - [2011/06/28 08:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) – C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
PRC - [2011/06/24 15:56:40 | 000,050,632 | ---- | M] (Pro-SoftNet Corp, U.S.A) – D:\IDrive\IDriveEBackground.exe
PRC - [2011/06/24 15:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) – D:\IDrive\IDriveE Service.exe
PRC - [2011/06/24 15:54:34 | 002,491,848 | ---- | M] (Pro Softnet Corp.) – D:\IDrive\IDriveETray.exe
PRC - [2011/06/08 19:04:20 | 000,267,688 | ---- | M] ( ) – D:\IDrive\IDrivePlugin.exe
PRC - [2011/05/28 13:40:40 | 000,127,488 | ---- | M] () – C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
PRC - [2011/03/21 12:21:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/03/19 19:35:06 | 000,090,112 | ---- | M] () – C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2011/01/22 15:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) – D:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) – D:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) – C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/21 13:40:26 | 000,324,976 | ---- | M] (Flexera Software, Inc.) – C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) – C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 11:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) – C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
PRC - [2009/10/15 11:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) – C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
PRC - [2009/10/15 11:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) – C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
PRC - [2009/10/15 11:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) – C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
PRC - [2009/07/17 13:48:18 | 006,038,016 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) – C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/11 14:52:30 | 001,081,344 | ---- | M] (Pantone & X-Rite) – C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2007/03/08 09:36:28 | 000,057,344 | ---- | M] (AzureBay) – C:\Program Files (x86)\AzureBay\AzureBay Screen Saver\WPChanger.exe

OTL.txt (2)
========== Modules (No Company Name) ==========

MOD - [2012/08/23 00:32:28 | 001,525,120 | ---- | M] () – C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012/06/20 15:23:00 | 000,599,419 | ---- | M] () – C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/07/14 12:08:38 | 000,251,760 | ---- | M] () – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll
MOD - [2011/07/14 12:06:06 | 000,128,880 | ---- | M] () – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui_En.dll
MOD - [2011/07/14 12:05:58 | 000,015,216 | ---- | M] () – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
MOD - [2011/07/14 12:05:54 | 000,079,728 | ---- | M] () – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
MOD - [2011/07/14 12:05:44 | 000,292,720 | ---- | M] () – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 13:40:40 | 000,127,488 | ---- | M] () – C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
MOD - [2011/03/19 19:35:06 | 000,024,576 | ---- | M] () – C:\Windows\SysWOW64\AsIO.dll
MOD - [2011/01/22 15:57:54 | 000,050,056 | ---- | M] () – D:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2009/10/15 11:06:44 | 004,715,848 | R--- | M] () – C:\Program Files (x86)\TechSmith\Snagit 9\PDFNetC.dll
MOD - [2009/07/17 13:48:18 | 006,038,016 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009/04/20 13:55:34 | 000,565,248 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
MOD - [2009/04/20 13:55:32 | 000,053,248 | ---- | M] () – C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
MOD - [2008/08/27 16:32:36 | 000,619,816 | ---- | M] () – C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 09:55:08 | 000,013,096 | ---- | M] () – C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

OTL.txt (3)
========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 17:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
SRV:64bit: - [2013/03/06 17:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\afwServ.exe – (avast! Firewall)
SRV:64bit: - [2012/09/07 20:54:54 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] – C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE – (!SASCORE)
SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe – (LBTServ)
SRV:64bit: - [2011/08/01 10:02:12 | 000,311,296 | ---- | M] (WDC) [Auto | Running] – C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe – (WDDMService)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] – C:\Windows\SysNative\atiesrxx.exe – (AMD External Events Utility)
SRV:64bit: - [2011/01/10 13:21:02 | 000,231,280 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe – (arXfrSvc)
SRV:64bit: - [2011/01/10 13:20:18 | 000,109,936 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Home Server\esClient.exe – (esClient)
SRV:64bit: - [2011/01/10 13:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Home Server\WHSConnector.exe – (WHSConnector)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Program Files\Windows Live\Mesh\wlcrasvc.exe – (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\appmgmts.dll – (AppMgmt)
SRV - [2013/04/25 19:16:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 09:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe – (McComponentHostService)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe – (AdobeARMservice)
SRV - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Running] – C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe – (ioloSystemService)
SRV - [2012/12/06 23:40:38 | 001,053,184 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] – C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe – (ioloFileInfoList)
SRV - [2012/11/16 20:02:48 | 000,443,760 | ---- | M] (AnchorFree Inc.) [Auto | Running] – C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe – (HssSrv)
SRV - [2012/11/15 13:59:44 | 000,527,728 | ---- | M] (AnchorFree Inc.) [Auto | Running] – C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe – (hshld)
SRV - [2012/11/14 21:03:24 | 000,389,488 | ---- | M] () [Auto | Running] – C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe – (HssWd)
SRV - [2012/11/14 19:40:58 | 000,078,072 | ---- | M] () [On_Demand | Stopped] – C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe – (HssTrayService)
SRV - [2012/11/10 06:47:37 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] – C:\Program Files (x86)\LogMeIn\x64\ramaint.exe – (LMIMaint)
SRV - [2012/11/10 06:47:28 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] – C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe – (LMIGuardianSvc)
SRV - [2012/10/29 19:51:29 | 003,696,632 | ---- | M] (Acronis) [Auto | Running] – C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe – (afcdpsrv)
SRV - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] – C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe – (WDRulesService)
SRV - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] – C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe – (WDBackup)
SRV - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] – C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe – (WDDriveService)
SRV - [2012/08/23 01:11:48 | 001,126,888 | ---- | M] (Acronis) [Auto | Running] – C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe – (AcrSch2Svc)
SRV - [2012/08/18 21:18:30 | 007,017,888 | ---- | M] (Acronis) [Auto | Running] – C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe – (syncagentsrv)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] – C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE – (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] – C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE – (BBSvc)
SRV - [2012/06/08 12:06:24 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] – C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe – (LogMeIn)
SRV - [2012/01/31 13:36:52 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] – C:\Windows\SysWOW64\nlssrv32.exe – (nlsX86cc)
SRV - [2011/11/13 23:36:08 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Windows\SysWOW64\vmnetdhcp.exe – (VMnetDHCP)
SRV - [2011/11/13 23:36:06 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Windows\SysWOW64\vmnat.exe – (VMware NAT Service)
SRV - [2011/11/13 22:55:18 | 011,839,488 | ---- | M] () [Auto | Running] – C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe – (VMwareHostd)
SRV - [2011/11/13 21:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe – (VMAuthdService)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] – D:\Program Files (x86)\Adobe\Photoshop Elements 10\Elements 10 Organizer\PhotoshopElementsFileAgent.exe – (AdobeActiveFileMonitor10.0)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] – C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe – (VMUSBArbService)
SRV - [2011/07/14 12:40:28 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] – C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe – (GladFileMonSvc)
SRV - [2011/06/24 15:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) [Auto | Running] – D:\IDrive\IDriveE Service.exe – (IDriveE Service)
SRV - [2011/03/21 12:21:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
SRV - [2011/03/19 19:35:06 | 000,090,112 | ---- | M] () [Auto | Running] – C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe – (AsSysCtrlService)
SRV - [2011/01/22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – D:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\Agent.exe – (EASEUS Agent)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] – C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL – (HPSLPSVC)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\WinPcap\rpcapd.exe – (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe – (IAANTMON)

OTL.txt (4)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 17:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\SysNative\drivers\aswSnx.sys – (aswSnx)
DRV:64bit: - [2013/03/06 17:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswSP.sys – (aswSP)
DRV:64bit: - [2013/03/06 17:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\aswVmm.sys – (aswVmm)
DRV:64bit: - [2013/03/06 17:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswRdr2.sys – (aswRdr)
DRV:64bit: - [2013/03/06 17:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswTdi.sys – (aswTdi)
DRV:64bit: - [2013/03/06 17:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswRvrt.sys – (aswRvrt)
DRV:64bit: - [2013/03/06 17:33:20 | 000,263,096 | ---- | M] (AVAST Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswNdis2.sys – (aswNdis2)
DRV:64bit: - [2013/03/06 17:33:20 | 000,127,136 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswFW.sys – (aswFW)
DRV:64bit: - [2013/03/06 17:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswMonFlt.sys – (aswMonFlt)
DRV:64bit: - [2013/03/06 17:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswFsBlk.sys – (aswFsBlk)
DRV:64bit: - [2013/03/06 17:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswKbd.sys – (aswKbd)
DRV:64bit: - [2013/01/30 13:11:50 | 000,347,904 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\sscbfs3.sys – (SSCBFS3)
DRV:64bit: - [2012/11/14 19:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\taphss6.sys – (taphss6)
DRV:64bit: - [2012/11/14 19:33:20 | 000,042,248 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] – C:\Windows\SysNative\drivers\hssdrv6.sys – (HssDRV6)
DRV:64bit: - [2012/11/10 06:47:29 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] – C:\Windows\SysNative\LMIRfsClientNP.dll – (LMIRfsClientNP)
DRV:64bit: - [2012/10/29 19:51:29 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] – C:\Windows\SysNative\drivers\afcdp.sys – (afcdp)
DRV:64bit: - [2012/10/29 19:51:28 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\tdrpman.sys – (tdrpman)
DRV:64bit: - [2012/10/29 19:51:28 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\tib_mounter.sys – (tib_mounter)
DRV:64bit: - [2012/10/29 19:51:28 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\vididr.sys – (vididr)
DRV:64bit: - [2012/10/29 19:51:27 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\vidsflt.sys – (vidsflt)
DRV:64bit: - [2012/10/29 19:51:26 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\snapman.sys – (snapman)
DRV:64bit: - [2012/10/29 19:51:26 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\fltsrv.sys – (fltsrv)
DRV:64bit: - [2012/09/21 02:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswNdis.sys – (aswNdis)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\GEARAspiWDM.sys – (GEARAspiWDM)
DRV:64bit: - [2012/08/02 11:21:22 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\PDFsFilter.sys – (PDFsFilter)
DRV:64bit: - [2012/08/01 12:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\taphss.sys – (taphss)
DRV:64bit: - [2012/06/08 12:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\LMIRfsDriver.sys – (LMIRfsDriver)
DRV:64bit: - [2012/06/08 12:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\lmimirr.sys – (lmimirr)
DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\dc3d.sys – (dc3d)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] – C:\Windows\SysNative\drivers\ElRawDsk.sys – (ElRawDisk)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] – C:\Windows\SysNative\drivers\fs_rec.sys – (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\usbaapl64.sys – (USBAAPL64)
DRV:64bit: - [2011/11/13 23:36:54 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\vmx86.sys – (vmx86)
DRV:64bit: - [2011/11/13 23:35:22 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\vmnetuserif.sys – (VMnetuserif)
DRV:64bit: - [2011/11/13 21:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\vmnetbridge.sys – (VMnetBridge)
DRV:64bit: - [2011/11/13 21:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\vmnetadapter.sys – (VMnetAdapter)
DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\LMouFilt.Sys – (LMouFilt)
DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\LHidFilt.Sys – (LHidFilt)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\hcmon.sys – (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\vmusb.sys – (vmusb)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\vmci.sys – (vmci)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\point64.sys – (Point64)

DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys – (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\saskutil64.sys – (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Rt64win7.sys – (RTL8167)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\atikmdag.sys – (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmdag.sys – (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmpag.sys – (amdkmdap)
DRV:64bit: - [2011/03/20 05:57:43 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\jraid.sys – (JRAID)
DRV:64bit: - [2011/03/19 19:37:54 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\ASACPI.sys – (MTsensor)
DRV:64bit: - [2011/03/19 19:26:40 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\viahduaa.sys – (VIAHdAudAddService)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
DRV:64bit: - [2011/01/22 15:58:24 | 000,026,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\eufs.sys – (EUFS)
DRV:64bit: - [2011/01/22 15:58:22 | 000,017,800 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\SysNative\drivers\eudskacs.sys – (EUDSKACS)
DRV:64bit: - [2011/01/22 15:58:20 | 000,036,232 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\eubakup.sys – (EUBAKUP)
DRV:64bit: - [2011/01/22 15:58:18 | 000,193,416 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\EuDisk.sys – (EuDisk)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\VClone.sys – (VClone)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] – C:\Windows\SysNative\drivers\ElbyCDIO.sys – (ElbyCDIO)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbFlt.sys – (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\rdpvideominiport.sys – (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\rmcast.sys – (RMCAST)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\fssfltr.sys – (fssfltr)
DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\npf.sys – (NPF)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\nusb3xhc.sys – (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\nusb3hub.sys – (nusb3hub)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\PxHlpa64.sys – (PxHlpa64)
DRV:64bit: - [2010/03/17 02:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\mv91xx.sys – (mv91xx)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\serscan.sys – (StillCam)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\rootmdm.sys – (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\iaStor.sys – (iaStor)
DRV:64bit: - [2009/03/09 14:00:34 | 000,034,048 | ---- | M] () [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\ustor2k.sys – (USTOR2K)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\RimSerial_AMD64.sys – (RimVSerPort)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\wdcsam64.sys – (WDC_SAM)
DRV - [2012/06/08 12:06:24 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] – C:\Program Files (x86)\LogMeIn\x64\rainfo.sys – (LMIInfo)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM..\SearchScopes{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: “URL” = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0E0EtD0AtN0D0Tzu0CtBzzzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=489756232
IE - HKLM..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
IE - HKLM..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM..\SearchScopes{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: “URL” = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0E0EtD0AtN0D0Tzu0CtBzzzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=489756232

IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 35 44 43 1E 24 CE 01 [binary data]
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001..\SearchScopes{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: “URL” = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0E0EtD0AtN0D0Tzu0CtBzzzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=489756232
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-2136029548-1328334061-613265227-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = 127.0.0.1;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/19 23:32:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/19 23:32:59 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Funmoods (Enabled)
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDyDtDyDyC0CtDtDtDtDzz0E0EtD0AtN0D0Tzu0CtBzzzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=489756232
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Funmoods = C:\Users\bunnb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0
CHR - Extension: YouTube = C:\Users\bunnb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR - Extension: Google Search = C:\Users\bunnb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR - Extension: avast! WebRep = C:\Users\bunnb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR - Extension: avast! WebRep = C:\Users\bunnb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR - Extension: Gmail = C:\Users\bunnb1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/24 22:03:21 | 000,000,925 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.1.136 Alias.33 Alias.34 Alias.35 # WD SmartWare: uuid:73656761-7465-7375-636b-0090a9bd1e9b
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - No CLSID value found.
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - No CLSID value found.
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM…\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM…\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM…\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM…\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM…\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM…\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM…\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM…\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM…\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM…\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM…\Run: [EaseUs Watch] D:\Program Files (x86)\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM…\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM…\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM…\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM…\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM…\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM…\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM…\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM…\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM…\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20…\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [IDriveE Startup] D:\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [PaperPortAnywhere] C:\Program Files (x86)\Nuance\PaperPort Anywhere\PaperPortAnywhere.exe (OfficeDrop)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [SkyDrive] C:\Users\bunnb1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSync.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2136029548-1328334061-613265227-1001…\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bunnb1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk = D:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O4 - Startup: C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra ‘Tools’ menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{129E3145-D51F-4869-AAD8-9E2BDEF886DE}: DhcpNameServer = 172.16.1.254 192.168.1.1
O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\osf - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysNative\SSCbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2{119ec66b-5264-11e0-b8d1-806e6f6e6963}\Shell - “” = AutoRun
O33 - MountPoints2{119ec66b-5264-11e0-b8d1-806e6f6e6963}\Shell\AutoRun\command - “” = F:.\Bin\ASSETUP.exe
O33 - MountPoints2{5080dcdd-5281-11e0-9b4b-806e6f6e6963}\Shell - “” = AutoRun
O33 - MountPoints2{5080dcdd-5281-11e0-9b4b-806e6f6e6963}\Shell\AutoRun\command - “” = F:\setup.exe
O35:64bit: - HKLM..comfile [open] – “%1” %*
O35:64bit: - HKLM..exefile [open] – “%1” %*
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37:64bit: - HKLM.…com [@ = comfile] – “%1” %*
O37:64bit: - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 07:49:58 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Users\bunnb1\Desktop\OTL.exe
[2013/04/30 10:44:30 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/04/30 10:16:18 | 000,000,000 | ---D | C] – C:\ProgramData\McAfee Security Scan
[2013/04/30 10:16:10 | 000,000,000 | ---D | C] – C:\Program Files (x86)\McAfee Security Scan
[2013/04/29 09:48:03 | 000,000,000 | -HSD | C] – D:\Users\bunnb1\My Documents\SearchVerity
[2013/04/28 12:38:11 | 000,000,000 | ---D | C] – C:\Users\bunnb1\Desktop\Taxes
[2013/04/28 05:33:19 | 000,000,000 | ---D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AzureBay Screen Saver
[2013/04/28 05:33:08 | 000,000,000 | ---D | C] – C:\Program Files (x86)\AzureBay
[2013/04/26 21:08:31 | 000,000,000 | -H-D | C] – C:\SkyDriveTemp
[2013/04/26 21:08:31 | 000,000,000 | -H-D | C] – \SkyDriveTemp
[2013/04/26 05:18:24 | 000,225,024 | ---- | C] (EldoS Corporation) – C:\Windows\SysWow64\SSCbFsNetRdr3.dll
[2013/04/26 05:18:24 | 000,192,256 | ---- | C] (EldoS Corporation) – C:\Windows\SysNative\SSCbFsMntNtf3.dll
[2013/04/26 05:18:24 | 000,159,488 | ---- | C] (EldoS Corporation) – C:\Windows\SysWow64\SSCbFsMntNtf3.dll
[2013/04/26 05:18:24 | 000,143,104 | ---- | C] (EldoS Corporation) – C:\Windows\SysNative\SSCbFsNetRdr3.dll
[2013/04/26 05:18:07 | 000,347,904 | ---- | C] (EldoS Corporation) – C:\Windows\SysNative\drivers\sscbfs3.sys
[2013/04/10 03:00:50 | 000,391,168 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ieui.dll
[2013/04/10 03:00:49 | 000,526,336 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\ieui.dll
[2013/04/10 03:00:49 | 000,051,712 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 03:00:48 | 000,603,136 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\msfeeds.dll
[2013/04/10 03:00:48 | 000,136,704 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\iesysprep.dll
[2013/04/10 03:00:48 | 000,109,056 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 03:00:48 | 000,089,600 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 03:00:48 | 000,071,680 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 03:00:48 | 000,067,072 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\iesetup.dll
[2013/04/10 03:00:48 | 000,061,440 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\iesetup.dll
[2013/04/10 03:00:48 | 000,039,936 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\iernonce.dll
[2013/04/10 03:00:48 | 000,033,280 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\iernonce.dll
[2013/04/10 03:00:45 | 003,958,784 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript9.dll
[2013/04/10 03:00:45 | 000,855,552 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript.dll
[2013/04/10 03:00:45 | 000,690,688 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\jscript.dll
[2013/04/09 22:22:00 | 003,717,632 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\mstscax.dll
[2013/04/09 22:21:59 | 003,217,408 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\mstscax.dll
[2013/04/09 22:21:59 | 000,158,720 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\aaclient.dll
[2013/04/09 22:21:59 | 000,131,584 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\aaclient.dll
[2013/04/09 22:21:59 | 000,044,032 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\tsgqec.dll
[2013/04/09 22:21:59 | 000,036,864 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\tsgqec.dll
[2013/04/09 22:21:52 | 005,550,424 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\ntoskrnl.exe
[2013/04/09 22:21:51 | 003,968,856 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/09 22:21:51 | 003,913,560 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/09 22:21:50 | 000,112,640 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\smss.exe
[2013/04/09 22:21:50 | 000,043,520 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\csrsrv.dll
[2013/04/09 22:21:50 | 000,006,656 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\apisetschema.dll
[1 C:\Users\bunnb1*.tmp files → C:\Users\bunnb1*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2013/05/07 07:55:56 | 000,783,562 | ---- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/07 07:55:56 | 000,667,254 | ---- | M] () – C:\Windows\SysNative\perfh009.dat
[2013/05/07 07:55:56 | 000,126,516 | ---- | M] () – C:\Windows\SysNative\perfc009.dat
[2013/05/07 07:51:00 | 000,000,830 | ---- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 07:49:58 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\bunnb1\Desktop\OTL.exe
[2013/05/07 07:48:50 | 000,001,109 | ---- | M] () – C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk
[2013/05/07 07:48:18 | 000,000,474 | ---- | M] () – C:\Windows\tasks\SDMsgUpdate (TE).job
[2013/05/07 07:47:58 | 000,000,894 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/07 07:47:57 | 000,000,342 | ---- | M] () – C:\Windows\tasks\DriverScanner.job
[2013/05/07 07:47:57 | 000,000,326 | ---- | M] () – C:\Windows\tasks\GlaryInitialize.job
[2013/05/07 07:47:40 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2013/05/07 06:56:26 | 000,005,776 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 06:56:26 | 000,005,776 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 06:33:05 | 006,220,854 | ---- | M] () – C:\Users\bunnb1\AppData\Local\ssprep.bmp
[2013/05/07 06:33:04 | 000,000,652 | ---- | M] () – C:\Users\bunnb1\AppData\Local\ScreenSaver.ini
[2013/05/07 06:11:22 | 000,000,898 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/07 06:04:02 | 006,220,854 | ---- | M] () – C:\Users\bunnb1\AppData\Local\AzureBay.bmp
[2013/05/07 06:04:02 | 000,279,798 | ---- | M] () – C:\Users\bunnb1\AppData\Local\cal.bmp
[2013/05/07 06:04:01 | 002,359,350 | ---- | M] () – C:\Users\bunnb1\AppData\Local\sswpprep.bmp
[2013/05/07 06:02:53 | 000,000,648 | RHS- | M] () – C:\ProgramData\ntuser.pol
[2013/04/30 11:56:43 | 000,002,111 | ---- | M] () – C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/30 10:44:30 | 000,002,046 | ---- | M] () – C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/04/30 10:44:30 | 000,002,046 | ---- | M] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/04/30 05:23:08 | 000,006,640 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.bak
[2013/04/30 05:23:08 | 000,006,640 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.bak
[2013/04/29 10:33:40 | 000,001,052 | ---- | M] () – C:\Users\bunnb1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/04/28 09:45:02 | 000,113,302 | ---- | M] () – D:\Users\bunnb1\My Documents\20130428-Shoppers Drug Prescription Refill.pdf
[2013/04/28 05:38:03 | 000,002,103 | ---- | M] () – C:\Users\bunnb1\AppData\Local\AzureBay.ini
[2013/04/28 05:33:19 | 000,002,080 | ---- | M] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2013/04/27 05:07:43 | 000,014,534 | ---- | M] () – D:\Users\bunnb1\My Documents\PayBills3.pdf
[2013/04/27 05:03:22 | 000,013,390 | ---- | M] () – D:\Users\bunnb1\My Documents\20130427-CIBC PLC Transfer.pdf
[2013/04/26 06:38:03 | 000,014,321 | ---- | M] () – D:\Users\bunnb1\My Documents\20130426-TD Visa Payment.pdf
[2013/04/25 19:16:52 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/25 19:16:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/11 12:12:05 | 000,002,183 | ---- | M] () – C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/10 03:33:57 | 000,510,856 | ---- | M] () – C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/08 18:17:26 | 000,001,051 | ---- | M] () – C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Users\bunnb1*.tmp files → C:\Users\bunnb1*.tmp → ]

Hi, you could attach the file :)

========== Files Created - No Company Name ==========

[2013/05/06 15:27:35 | 000,002,529 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2013/05/06 15:27:35 | 000,002,152 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk
[2013/05/06 15:27:35 | 000,002,099 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013/05/06 15:27:35 | 000,002,080 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2013/05/06 15:27:35 | 000,002,046 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/05/06 15:27:35 | 000,002,035 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk
[2013/05/06 15:27:35 | 000,001,346 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
[2013/05/06 15:27:35 | 000,001,123 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyPROTray.lnk
[2013/05/06 15:27:35 | 000,001,109 | ---- | C] () – C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk
[2013/05/06 15:27:35 | 000,001,051 | ---- | C] () – C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/06 15:27:35 | 000,000,615 | ---- | C] () – C:\Users\bunnb1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk
[2013/04/30 10:16:18 | 000,002,046 | ---- | C] () – C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/04/28 09:45:02 | 000,113,302 | ---- | C] () – D:\Users\bunnb1\My Documents\20130428-Shoppers Drug Prescription Refill.pdf
[2013/04/28 05:58:32 | 006,220,854 | ---- | C] () – C:\Users\bunnb1\AppData\Local\ssprep.bmp
[2013/04/28 05:41:36 | 006,220,854 | ---- | C] () – C:\Users\bunnb1\AppData\Local\AzureBay.bmp
[2013/04/28 05:41:36 | 002,359,350 | ---- | C] () – C:\Users\bunnb1\AppData\Local\sswpprep.bmp
[2013/04/28 05:41:36 | 000,279,798 | ---- | C] () – C:\Users\bunnb1\AppData\Local\cal.bmp
[2013/04/28 05:38:03 | 000,002,103 | ---- | C] () – C:\Users\bunnb1\AppData\Local\AzureBay.ini
[2013/04/27 05:07:43 | 000,014,534 | ---- | C] () – D:\Users\bunnb1\My Documents\PayBills3.pdf
[2013/04/27 05:03:22 | 000,013,390 | ---- | C] () – D:\Users\bunnb1\My Documents\20130427-CIBC PLC Transfer.pdf
[2013/04/26 06:38:03 | 000,014,321 | ---- | C] () – D:\Users\bunnb1\My Documents\20130426-TD Visa Payment.pdf
[2013/04/26 05:18:25 | 000,001,913 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk
[2012/12/28 16:03:53 | 000,038,426 | ---- | C] () – C:\Users\bunnb1\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012/10/16 09:52:53 | 000,031,465 | ---- | C] () – C:\Users\bunnb1\AppData\Local\funmoods.crx
[2012/08/10 06:13:28 | 000,074,703 | ---- | C] () – C:\Windows\SysWow64\mfc45.dat
[2012/05/08 19:54:01 | 000,060,304 | ---- | C] () – C:\Users\bunnb1\g2mdlhlpx.exe
[2012/02/27 13:44:48 | 000,326,144 | ---- | C] () – C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2012/02/22 21:26:34 | 000,326,144 | ---- | C] () – C:\Windows\SysWow64\Viveza2FC32.dll
[2012/02/06 19:45:30 | 000,326,144 | ---- | C] () – C:\Windows\SysWow64\HDREfexProFC32.dll
[2012/01/31 13:36:50 | 000,326,144 | ---- | C] () – C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011/11/19 23:31:16 | 000,220,546 | ---- | C] () – C:\Windows\hpoins35.dat
[2011/11/19 23:31:16 | 000,000,778 | ---- | C] () – C:\Windows\hpomdl35.dat
[2011/09/22 11:15:17 | 000,031,232 | ---- | C] () – C:\Users\bunnb1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 10:59:55 | 000,026,032 | ---- | C] () – C:\Windows\SysWow64\IDriveEXceedCryReg.exe
[2011/09/12 10:59:54 | 000,055,808 | ---- | C] () – C:\Windows\SysWow64\zlib1.dll
[2011/05/23 21:41:28 | 000,000,000 | ---- | C] () – C:\Users\bunnb1\AppData\Local{DCD314F4-B50E-4B3A-8C46-2939D07E1646}
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () – C:\Windows\SysWow64\ractrlkeyhook.dll
[2011/03/20 19:01:15 | 000,001,024 | ---- | C] () – .rnd
[2011/03/20 13:23:46 | 000,000,648 | RHS- | C] () – C:\ProgramData\ntuser.pol
[2003/07/17 13:23:28 | 000,000,652 | ---- | C] () – C:\Users\bunnb1\AppData\Local\ScreenSaver.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
“” = C:\Windows\SysNative\shell32.dll – [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
“” = %SystemRoot%\system32\shell32.dll – [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
“” = C:\Windows\SysNative\wbem\fastprox.dll – [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
“” = %systemroot%\system32\wbem\fastprox.dll – [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
“” = C:\Windows\SysNative\wbem\wbemess.dll – [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\aelupsvc.dll – (AeLookupSvc)
SRV:64bit: - [2010/11/20 07:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\appinfo.dll – (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\alg.exe – (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\qmgr.dll – (BITS)
SRV:64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\BFE.DLL – (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\lsass.exe – (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\es.dll – (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\es.dll – (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\browser.dll – (Browser)
SRV:64bit: - [2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\cryptsvc.dll – (CryptSvc)
SRV - [2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\cryptsvc.dll – (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dhcpcore.dll – (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\dhcpcore.dll – (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dnsrslvr.dll – (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\eapsvc.dll – (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\hidserv.dll – (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\hidserv.dll – (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\SysNative\ipnathlp.dll – (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\IPSECSVC.DLL – (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\swprv.dll – (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\SysNative\mmcss.dll – (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\netman.dll – (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\netprofm.dll – (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\netprofm.dll – (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\nlasvc.dll – (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\nsisvc.dll – (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\umpnpmgr.dll – (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\spoolsv.exe – (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\lsass.exe – (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\rasauto.dll – (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\rasmans.dll – (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\seclogon.dll – (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\lsass.exe – (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wscsvc.dll – (wscsvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\srvsvc.dll – (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\shsvcs.dll – (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\shsvcs.dll – (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\schedsvc.dll – (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\tapisrv.dll – (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysWOW64\tapisrv.dll – (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\themeservice.dll – (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\profsvc.dll – (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\VSSVC.exe – (VSS)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\audiosrv.dll – (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\audiosrv.dll – (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\sdrsvc.dll – (SDRSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wevtsvc.dll – (eventlog)
SRV:64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\MPSSVC.dll – (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wiaservc.dll – (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\msiexec.exe – (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysWow64\msiexec.exe – (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\wbem\WMIsvc.dll – (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wuaueng.dll – (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\dot3svc.dll – (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\wlansvc.dll – (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wkssvc.dll – (LanmanWorkstation)

< %SYSTEMDRIVE%*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 – C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E – C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 – C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 – C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2011/09/05 15:02:36 | 002,196,933 | ---- | M] () MD5=ADF611E9C0517EBCCD6EBA2E8B7FB5D3 – C:\Program Files\Wireshark\services
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 – C:\Windows\winsxs\amd64_microsoft-windows-w…nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.BMP >
[2011/11/10 13:16:38 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E – C:\ProgramData\Intuit\Quicken\Hpbiz\services.bmp
[2011/11/10 13:16:38 | 000,005,030 | ---- | M] () MD5=FDBB222415C2E2A4129C60B3133C2E0E – C:\Users\All Users\Intuit\Quicken\Hpbiz\services.bmp

< MD5 for: SERVICES.CFG >
[2012/12/18 08:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D – C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E – C:\Windows\Installer$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB – C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB – C:\Windows\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 – C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 – C:\Windows\winsxs\amd64_microsoft-windows-s…ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2008/04/16 10:29:04 | 000,004,166 | ---- | M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6 – C:\Program Files (x86)\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.JS >
[2011/06/13 14:29:02 | 000,018,691 | ---- | M] () MD5=A29A268BD513B6BC07270653DD48774C – C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\HTML\js\services.js

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 – C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2011/03/24 15:36:27 | 000,062,844 | ---- | M] () MD5=9EE7489FA9524246825454F7B546B69B – C:\ProgramData\HP\Installer\Temp\services.log
[2011/03/24 15:36:27 | 000,062,844 | ---- | M] () MD5=9EE7489FA9524246825454F7B546B69B – C:\Users\All Users\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 – C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 – C:\Windows\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\winsxs\amd64_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\winsxs\x86_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 – C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 – C:\Windows\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D – C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D – C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 – C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 – C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 – C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE – C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 – C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 – C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 – C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A – C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes → C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 194 bytes → C:\ProgramData\TEMP:01C66DD9
@Alternate Data Stream - 186 bytes → C:\ProgramData\TEMP:FD9CE1F3
@Alternate Data Stream - 178 bytes → C:\ProgramData\TEMP:527B6DAD
@Alternate Data Stream - 141 bytes → C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 133 bytes → C:\ProgramData\TEMP:0888F409

< End of report >

OTL Extras logfile created on: 07/05/2013 7:57:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bunnb1\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.99 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 69.91% Memory free
15.98 Gb Paging File | 13.29 Gb Available in Paging File | 83.15% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107.03 Gb Total Space | 21.23 Gb Free Space | 19.84% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 75.76 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive E: | 931.50 Gb Total Space | 216.83 Gb Free Space | 23.28% Space Free | Partition Type: NTFS
Drive K: | 100.00 Mb Total Space | 70.11 Mb Free Space | 70.12% Space Free | Partition Type: NTFS

Computer Name: BUNNB1-I5 | User Name: bunnb1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] – C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] – C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] – C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] – C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
exefile [open] – “%1” %*
helpfile [open] – Reg Error: Key error.
htmlfile [edit] – Reg Error: Key error.
htmlfile [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
htmlfile [opennew] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
htmlfile [print] – Reg Error: Key error.
http [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
https [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
InternetShortcut [open] – “C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] – “C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation)
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] – cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [Digital Photo Professional] – C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path “%1” (CANON INC.)
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] – Reg Error: Value error.
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – “C:\Program Files\Internet Explorer\iexplore.exe” (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
cplfile [cplopen] – %SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation)
exefile [open] – “%1” %*
helpfile [open] – Reg Error: Key error.
htmlfile [edit] – Reg Error: Key error.
htmlfile [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
htmlfile [opennew] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
htmlfile [print] – Reg Error: Key error.
http [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
https [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] – cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [Digital Photo Professional] – C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path “%1” (CANON INC.)
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] – Reg Error: Value error.
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] – “C:\Program Files\Internet Explorer\iexplore.exe” %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“cval” = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
“VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data]
“AntiVirusOverride” = 0
“AntiSpywareOverride” = 0
“FirewallOverride” = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe” = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7 – ()
“C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe” = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7 – ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe” = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7 – ()
“C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe” = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe::Enabled:Logitech Harmony Remote Software 7 – ()