
Solved Multiple MS explorer.exe problems!

Discussion in 'Malware and Virus Removal Archive' started by nykrumrie, 2012/04/18.

  1. 2012/04/18
    nykrumrie Inactive Thread Starter
    [Resolved] Multiple MS explorer.exe problems!

    I was asked to run some diagnostic tools to see if I can provide more info on my computer issues. You can see the full description of my problem on your forum page:
    http://www.windowsbbs.com/windows-7/102410-i-need-help-ms-explorer-exe-problems.html

    I've done the best I can; here are the results in the order asked:
    -----
    Malwarebytes (MBAM)

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.17.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    john :: ROCCO-WIN7-X64 [administrator]

    Protection: Enabled

    4/17/2012 8:30:27 PM
    mbam-log-2012-04-17 (20-30-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223968
    Time elapsed: 4 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ===============================
    GMER

    I ran it twice & it produced no report or results of errors. gmer.log file was blank.
    ===============================

    MBRCheck

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-18 03:38:36
    -----------------------------
    03:38:36.961 OS Version: Windows x64 6.1.7601 Service Pack 1
    03:38:36.961 Number of processors: 2 586 0x170A
    03:38:36.962 ComputerName: ROCCO-WIN7-X64 UserName: john
    03:38:37.501 Initialze error C000010E - driver not loaded
    03:38:37.687 AVAST engine defs: 12041701
    03:38:46.012 Service scanning
    03:39:26.764 Modules scanning
    03:39:26.764 Disk 0 trace - called modules:
    03:39:26.765
    03:39:27.257 AVAST engine scan C:\Windows
    03:39:29.925 AVAST engine scan C:\Windows\system32
    03:42:42.880 AVAST engine scan C:\Windows\system32\drivers
    03:42:56.177 AVAST engine scan C:\Users\john.IBC1
    03:56:41.113 AVAST engine scan C:\ProgramData
    04:00:33.975 Scan finished successfully
    10:12:34.022 The log file has been saved successfully to "C:\Users\john.IBC1\Desktop\aswMBR.txt "

    ================================
    DDS(2 logs)

    I ran it 3 times & it seemed to be progressing. The (#) progress bar was moving. The bar always stopped at the same point & never produced a log or opened a window like I was expecting.
    =======================================

    A friend told me he doesn't think it has anything to do with malware or viruses; he thinks it's probably a memory or hard drive problem. He didn't know what I can do to try & determine if it's a hardware issue. I did the Memory Diagnostic tool test & it didn't find anything.
     
  2. 2012/04/18
    broni Moderator Malware Analyst
    Welcome aboard.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    aswMBR log is incomplete.
    Re-run it and be more patient. Let it finish.

    Then...

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     

  4. 2012/04/19
    nykrumrie Inactive Thread Starter
    Hi Broni! I did what you asked. I ran aswMBR again. Actually twice. It never seems to want to launch the 1st time. I have the log below:
    ==================
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-19 02:23:14
    -----------------------------
    02:23:14.952 OS Version: Windows x64 6.1.7601 Service Pack 1
    02:23:14.953 Number of processors: 2 586 0x170A
    02:23:14.954 ComputerName: ROCCO-WIN7-X64 UserName: john
    02:23:15.848 Initialze error C000010E - driver not loaded
    02:23:15.984 AVAST engine defs: 12041802
    02:23:20.070 Service scanning
    02:24:01.789 Modules scanning
    02:24:01.789 Disk 0 trace - called modules:
    02:24:01.790
    02:24:02.317 AVAST engine scan C:\Windows
    02:24:04.929 AVAST engine scan C:\Windows\system32
    02:27:22.360 AVAST engine scan C:\Windows\system32\drivers
    02:27:35.703 AVAST engine scan C:\Users\john.IBC1
    02:42:38.682 AVAST engine scan C:\ProgramData
    02:44:50.583 Scan finished successfully
    03:01:19.982 The log file has been saved successfully to "C:\Users\john.IBC1\Desktop\aswMBR#3.txt "
    ================
    As you can see it started at 2:23am & finished 2:44am. I didn't see the process light running anymore but I left it alone. At 3:01am nothing had changed, so I saved the log. I'll run it again before bed & leave it alone for hours to see if it makes a difference.
    ======================
    Here is the log for the Bootkit remover:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000021`04a83200

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.

    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...

    =======================
    Does that mean I have a rootkit virus!!! The 2 lines that are highlighted were highlighted in the program log. Top was red. The bottom was gold. I don't know if that means anything.
    Let me know what else I can do. Thanks!
     
  5. 2012/04/19
    nykrumrie Inactive Thread Starter
    After reading about rootkits I decided to run MBRCheck. Here is what it found:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: Aspire 5738
    Logical Drives Mask: 0x0000023c

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000021`04a83200 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000002`ee102000 (NTFS)

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
    Press ENTER to exit...
     
  6. 2012/04/19
    nykrumrie Inactive Thread Starter
    I did the aswMBR scan again & left it alone for hours.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-19 03:52:18
    -----------------------------
    03:52:18.545 OS Version: Windows x64 6.1.7601 Service Pack 1
    03:52:18.545 Number of processors: 2 586 0x170A
    03:52:18.545 ComputerName: ROCCO-WIN7-X64 UserName: john
    03:52:19.887 Initialze error C000010E - driver not loaded
    03:52:20.027 AVAST engine defs: 12041802
    03:52:33.989 Service scanning
    03:53:08.123 Modules scanning
    03:53:08.123 Disk 0 trace - called modules:
    03:53:08.123
    03:53:09.044 AVAST engine scan C:\Windows
    03:53:11.727 AVAST engine scan C:\Windows\system32
    03:56:26.417 AVAST engine scan C:\Windows\system32\drivers
    03:56:40.192 AVAST engine scan C:\Users\john.IBC1
    04:13:30.350 AVAST engine scan C:\ProgramData
    04:15:55.726 Scan finished successfully
    10:21:50.181 The log file has been saved successfully to "C:\Users\john.IBC1\Desktop\Fix Programs\Logs\aswMBR#4.txt "
    ----------------------
    As you can see I started it at 3:52 am & it finished 4:15am. I left it alone until recently at 10:21am. I hope this is helpful.
    -So if I have a Rootkit virus what's the best way to kill it?
     
  7. 2012/04/19
    broni Moderator Malware Analyst
    Please observe the rules I posted earlier.
    Now...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. 2012/04/19
    nykrumrie Inactive Thread Starter
    I ran TDSSKiller & it found no threats. I tried to post the report to this thread but the system says it's too long: "133209 characters" too large. Would you like me to cut it into 2-3 parts & post?
     
  9. 2012/04/19
    broni Moderator Malware Analyst
    That's fine....

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  10. 2012/04/19
    nykrumrie Inactive Thread Starter
    ListParts by Farbar Version: 12-03-2012 03
    Ran by john (administrator) on 19-04-2012 at 17:27:52
    Windows 7 (X64)
    Running From: C:\Users\john.IBC1\Desktop\Fix Programs
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 46%
    Total physical RAM: 4024.93 MB
    Available physical RAM: 2149.98 MB
    Total Pagefile: 12072.97 MB
    Available Pagefile: 10114.03 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:100.81 GB) (Free:11.39 GB) NTFS
    2 Drive d: (ACER) (Fixed) (Total:120.35 GB) (Free:37.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive j: () (Removable) (Total:14.96 GB) (Free:14.95 GB) FAT32
    6 Drive q: (Accounting) (Network) (Total:403.8 GB) (Free:377.95 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 1024 KB
    Disk 1 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 11 GB 1024 KB
    Partition 2 Primary 120 GB 11 GB
    Partition 3 Primary 100 GB 132 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 PQSERVICE FAT32 Partition 11 GB Healthy Hidden

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D ACER NTFS Partition 120 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 100 GB Healthy Boot

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 4096 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 J FAT32 Removable 14 GB Healthy

    ======================================================================================================

    ****** End Of Log ******
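The Bootkit Remover, MBRCheck and ListParts lines above all read the same 512-byte master boot record: the partition table supplies the type IDs (27, 07, 0C), the active flag and the byte offsets, and MBRCheck's SHA1 is a hash of the boot code compared against known-good Windows values. The Python below is an added example, not code from the thread or from any of those tools: it parses a constructed MBR laid out like this disk and runs the consistency checks an analyst applies by hand (one active partition, standard status bytes, no overlapping extents). Assumed rather than taken from the thread: the 440-byte hash range, the filler boot code and disk signature, and the exact sector counts.

```python
"""Parse an MBR partition table and boot-code hash: the data behind the Bootkit Remover,
MBRCheck and ListParts lines posted in this thread.  Added example, not code from the thread
or any tool it names.  The MBR below is CONSTRUCTED from the posted numbers (types 27/07/07,
D: at 0x2ee102000, C: at 0x2104a83200); its boot code is filler, so its SHA1 will not match
the one MBRCheck printed for the real disk."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439 (code before the disk signature)
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG_OFF = 510       # bytes 55 AA, read little-endian as 0xAA55
# Standard MBR partition type IDs; 27, 07 and 0C are the ones in the ListParts log.
PART_TYPES = {0x07: "NTFS", 0x0C: "FAT32 (LBA)", 0x27: "hidden WinRE/OEM recovery"}
HIDDEN_TYPES = {0x17, 0x1B, 0x1C, 0x1E, 0x27}

@dataclass
class PartitionEntry:
    index: int
    status: int
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def active(self) -> bool:
        return self.status == 0x80

    @property
    def hidden(self) -> bool:
        return self.type_id in HIDDEN_TYPES

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR

    @property
    def size_gb(self) -> float:
        return round(self.sector_count * SECTOR / 1024 ** 3, 2)

def parse_mbr(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries; reject a sector without the 55 AA signature."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)}")
    if struct.unpack_from("<H", mbr, BOOT_SIG_OFF)[0] != 0xAA55:
        raise ValueError("boot signature 55 AA missing")
    entries = []
    for i in range(4):
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, sector count
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0x00:
            entries.append(PartitionEntry(i + 1, status, type_id, lba, count))
    return entries

def boot_code_sha1(mbr: bytes) -> str:
    """Hash of the boot-code area; MBRCheck compares such a hash against known-good values."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()

def audit_mbr(mbr: bytes) -> Dict[str, object]:
    """Apply the sanity checks an analyst reads off these logs by hand."""
    parts = parse_mbr(mbr)
    findings: List[str] = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: non-standard status byte 0x{p.status:02X}")
        if p.type_id not in PART_TYPES:
            findings.append(f"partition {p.index}: unlisted type 0x{p.type_id:02X}")
    # overlapping extents are a classic sign of a hand-edited partition table
    spans = sorted((p.lba_start, p.lba_start + p.sector_count, p.index) for p in parts)
    for (_, end1, i1), (start2, _, i2) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partitions {i1} and {i2} overlap")
    return {"boot_code_sha1": boot_code_sha1(mbr), "partitions": parts, "findings": findings}

def build_sample_mbr() -> bytes:
    """CONSTRUCTED MBR mirroring the layout the thread's logs describe."""
    boot_code = b"\xfa\x33\xc0" + b"\x90" * (BOOT_CODE_LEN - 3)    # filler, not real boot code
    disk_sig = b"\x11\x22\x33\x44\x00\x00"                          # made-up disk signature + pad
    # (status, type, LBA start, sectors): offsets from the logs, sizes from the GB figures shown
    table = [
        (0x00, 0x27, 2048, 24_578_064 - 2048),                # PQSERVICE recovery, hidden
        (0x80, 0x07, 24_578_064, 276_976_665 - 24_578_064),   # D: ACER, active (0x2ee102000)
        (0x00, 0x07, 276_976_665, 211_413_893),               # C: boot volume (0x2104a83200)
        (0x00, 0x00, 0, 0),                                   # unused slot
    ]
    entries = b"".join(struct.pack("<B3xB3xII", *row) for row in table)
    return boot_code + disk_sig + entries + b"\x55\xAA"

if __name__ == "__main__":
    report = audit_mbr(build_sample_mbr())
    for p in report["partitions"]:
        print(f"#{p.index} type 0x{p.type_id:02X} at 0x{p.byte_offset:x} {p.size_gb} GB active={p.active} hidden={p.hidden}")
    print("boot code SHA1:", report["boot_code_sha1"], "findings:", report["findings"] or "none")
```

To audit a real disk, read its first sector (for example a 512-byte image of PhysicalDrive0 taken with a forensic tool) and pass those bytes to `audit_mbr` instead of the constructed sample.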
     
  11. 2012/04/19
    broni Moderator Malware Analyst
    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  12. 2012/04/19
    nykrumrie Inactive Thread Starter
    I don't know if I'm doing something wrong but when I ran FixTDSS.exe no scan or process that I could tell was running. I ran it twice to be sure.
    (BTW: I'm running Win7 Pro x64)

    I double-click on the program. It launches a window, TDSS Fix Tool EULA. It's a license window. I click accept. I see TDSS Fix Tool 2.1.3: "This tool will scan & remove TDSS from your system. Once you click proceed your system will be prepared for Restart. After the restart, this tool will be launched automatically to display the results... "
    My laptop restarts. It restarts to the point where I see my desktop icons. Then a window pops up asking me if I want to allow the scan to run; I accept. A few moments later I get the results. I never see a program running a scan or anything. The window closes & a few moments later I get the result window saying:
    ----------------
    Suspicious use of kernel callback but MBR appears in tact. Repair not done.
    No infection were found
    ----------------
     
  13. 2012/04/19
    broni Moderator Malware Analyst
    That's fine.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2012/04/19
    nykrumrie Inactive Thread Starter
    ComboFix 12-04-19.02 - john 04/19/2012 20:56:18.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4025.2772 [GMT -4:00]
    Running from: c:\downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\users\john.IBC1\AppData\Roaming\Mozilla\Firefox\Profiles\k4bd1r1m.default\searchplugins\bing-zugo.xml
    c:\windows\ST6UNST.000
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\SysWow64\Nagasoft
    c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
    c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
    c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
    c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
    c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
    c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
    c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
    c:\windows\SysWow64\Nagasoft\GifShower.dll
    c:\windows\SysWow64\Nagasoft\vjocx.dll
    c:\windows\UA000106.DLL
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_vvdsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-20 01:05 . 2012-04-20 01:05 -------- d-----w- c:\users\JOHN~1~IBC\AppData\Local\temp
    2012-04-20 01:05 . 2012-04-20 01:05 -------- d-----w- c:\users\John\AppData\Local\temp
    2012-04-20 01:05 . 2012-04-20 01:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-19 16:05 . 2010-11-20 13:26 381440 ----a-w- c:\windows\system32\mfds.dll.bak
    2012-04-19 14:59 . 2012-04-19 16:06 -------- d-----w- c:\users\john.IBC1\AppData\Roaming\Win7codecs
    2012-04-19 14:59 . 2012-04-19 14:59 -------- d-----w- c:\program files (x86)\Win7codecs
    2012-04-19 06:53 . 2012-04-19 16:06 -------- d-----w- c:\programdata\Win7codecs
    2012-04-18 00:03 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6F66C72-1C9C-4BAA-B745-8CCA20C6AA42}\mpengine.dll
    2012-04-17 06:21 . 2012-04-17 06:34 3602521 ----a-w- C:\regdll.bat
    2012-04-12 23:08 . 2012-04-12 23:08 -------- d-----w- c:\users\john.IBC1\AppData\Local\ElevatedDiagnostics
    2012-04-12 22:57 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-12 22:57 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-12 22:57 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-12 22:50 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-12 22:50 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-12 22:50 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-12 22:50 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-12 22:50 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-12 22:50 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-12 22:50 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-09 16:32 . 2012-04-09 16:32 -------- d-----w- c:\programdata\Freemake
    2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2012-04-03 13:39 . 2012-04-03 13:39 -------- d-----w- c:\program files\iPod
    2012-04-03 13:39 . 2012-04-03 13:40 -------- d-----w- c:\program files\iTunes
    2012-04-03 13:39 . 2012-04-03 13:39 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-30 17:42 . 2012-03-30 17:42 -------- d-----w- c:\users\john.IBC1\AppData\Roaming\FastStone
    2012-03-30 17:40 . 2012-03-30 17:40 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
    2012-03-30 04:27 . 2012-04-14 17:27 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-03-30 03:40 . 2012-04-14 17:27 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-03-22 23:00 . 2012-03-22 23:00 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
    2012-03-21 13:44 . 2012-03-21 13:44 -------- d-----w- c:\users\john.IBC1\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-21 08:21 . 2012-03-21 08:21 -------- d-----w- c:\users\john.IBC1\AppData\Roaming\Malwarebytes
    2012-03-21 08:21 . 2012-03-21 08:21 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-21 08:21 . 2012-04-18 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-21 08:21 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-14 17:27 . 2011-05-17 16:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-15 11:40 . 2012-03-15 11:40 4826112 ----a-w- c:\windows\SysWow64\x264vfw.dll
    2012-03-05 21:06 . 2010-04-19 14:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-23 14:18 . 2010-01-26 16:48 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-17 06:38 . 2012-03-13 18:02 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-13 18:02 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-13 18:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-13 18:02 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 15:00 . 2012-02-15 15:00 1287168 ----a-w- c:\windows\SysWow64\VSFilter.dll
    2012-02-10 06:36 . 2012-03-14 18:01 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-14 18:01 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-02-03 04:34 . 2012-03-14 18:01 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-01-25 19:21 . 2012-01-25 19:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm
    2012-01-25 06:38 . 2012-03-13 18:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-13 18:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-13 18:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier "= "c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "LManager "= "c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157640]
    "Google Desktop Search "= "c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-01 30192]
    "APSDaemon "= "c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "EnableLinkedConnections "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    R2 ASTUSB2;POLYMATH Astar2200 series USB2.0 Driver (Ast2200u.sys);c:\windows\system32\Drivers\AST2200u.sys [2011-04-20 67624]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-01 30192]
    R3 HitachiBackupService;Hitachi Backup Service;c:\program files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe [2011-01-06 56832]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
    R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
    R3 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 402432]
    R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 1048576]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [x]
    S1 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-03-24 117256]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
    S3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:27]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "= "c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
    "PLFSetI "= "c:\windows\PLFSetI.exe" [2010-02-05 200704]
    "combofix "= "c:\combofix\CF5147.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://isearch.avg.com/?cid={090EAFFA-CB63-4399-AE9C-8104093AF1B8}&mid=54135626aa8147d08d85d15650732158-8d9fe92e443fd0b1251281228e6ffc2f6e655618&lang=en&ds=is015&pr=sa&d=2012-03-22 20:56&v=10.2.0.3&sap=hp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.15.1
    Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll
    DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://ibcoffice.dnsalias.net:81/AVC_AX_742.cab
    DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://bygollys.dnsalias.net/DvrOcx.cab
    FF - ProfilePath - c:\users\john.IBC1\AppData\Roaming\Mozilla\Firefox\Profiles\k4bd1r1m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1f529c22-0c82-49ab-891c-bbb5018f8118%7D&mid=54135626aa8147d08d85d15650732158-8d9fe92e443fd0b1251281228e6ffc2f6e655618&ds=is015&v=10.2.0.3&lang=en&pr=sa&d=2012-03-22%2020%3A56%3A49&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Smart Defrag 2_is1 - c:\program files (x86)\IObit\Smart Defrag 2\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3852137769-1796420447-4257946896-1148\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\T*V* ]
    @Allowed: (Read) (RestrictedCode)
    @SACL=(02 0001)
    "Order "=hex:08,00,00,00,02,00,00,00,ce,06,00,00,01,00,00,00,09,00,00,00,7c,00,
    00,00,08,00,00,00,6e,00,32,00,8a,00,00,00,3d,3f,99,96,20,00,42,59,47,4f,4c,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution "= "{36eb6792-3a29-43b3-8cd0-f67d266fb426} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key "= "ActionsPane "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-19 21:29:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-20 01:29
    .
    Pre-Run: 12,084,269,056 bytes free
    Post-Run: 13,500,739,584 bytes free
    .
    - - End Of File - - 0A98BD1855CE40D66C0EDF343C01D3A7
     
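    The ComboFix output above is raw data; the work is deciding which entries deserve a second look. As an added example (not part of this thread, and not code from ComboFix or WindowsBBS), the Python below parses a handful of lines copied from the log and applies the checks an analyst runs by hand: a non-empty AppInit_DLLs value, EnableLinkedConnections=1 under the UAC policy key, an Active Setup component that launches a shell, autorun or service binaries outside Program Files and Windows, and driver entries marked [x]. The trusted-directory list, the severity labels and the reading of [x] as "not read by the 32-bit scanner, usually WOW64 redirection on x64" are this example's assumptions, not ComboFix documentation; the "combofix" Run value pointing at c:\combofix\CF5147.3XE is treated as the tool's own resume-after-reboot entry.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix's code)."""
import re
from collections import namedtuple
from typing import List

# Constructed sample: lines copied from the ComboFix log in this thread, with the
# quote spacing the forum inserted stripped out.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"combofix"="c:\combofix\CF5147.3XE" [2010-11-20 345088]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
R3 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
DATA_RE = re.compile(r'^"?(?P<path>.*?)"?\s*(?:\[(?P<stamp>[^\]]*)\])?\s*$')
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
SETUP_FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (?P<path>.+)$")

# Assumed allow-list: a binary here still needs checking, but one anywhere else is a finding.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\program files",
                r"c:\program files (x86)", r"c:\progra~1", r"c:\progra~2")
SHELLS = ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
          "rundll32.exe", "regsvr32.exe")
# severity: "info" = expected tool artefact, "review" = confirm on disk, "warn" = act on it
Finding = namedtuple("Finding", "severity item reason")


def in_trusted_dir(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)


def split_path(data: str) -> str:
    """Drop surrounding quotes and the trailing [date size] / [x] stamp."""
    m = DATA_RE.match(data)
    return m.group("path") if m else data


def check_service(name: str, path: str, stamp: str) -> List[Finding]:
    out = []
    if stamp == "x":
        # Assumption: [x] means the 32-bit scanner could not read the file; on x64 that is
        # usually WOW64 redirection of system32\drivers, not a missing file.
        out.append(Finding("review", f"{name}: {path}", "not read by ComboFix; confirm from a 64-bit shell"))
    if not in_trusted_dir(path):
        out.append(Finding("warn", f"{name}: {path}", "service/driver binary outside Program Files and Windows"))
    return out


def check_value(key: str, name: str, data: str) -> List[Finding]:
    lname = name.lower()
    if key.endswith(r"\policies\system"):
        if lname == "enablelinkedconnections" and data.startswith("1"):
            return [Finding("warn", f"{name}={data}", "drive mappings shared between filtered and elevated tokens; weakens UAC isolation")]
        return []
    if lname == "appinit_dlls" and data.strip():
        return [Finding("warn", f"AppInit_DLLs={data}", "loaded into every process that maps user32.dll; verify vendor and LoadAppInit_DLLs")]
    if key.endswith((r"\currentversion\run", r"\currentversion\runonce")):
        path = split_path(data)
        if lname == "combofix" and path.lower().startswith(r"c:\combofix"):
            return [Finding("info", f"{name}: {path}", "ComboFix resume-after-reboot entry; expected during a run")]
        if not in_trusted_dir(path):
            return [Finding("warn", f"{name}: {path}", "autorun binary outside Program Files and Windows")]
    return []


def check_active_setup(key: str, path: str) -> List[Finding]:
    # Active Setup StubPath runs once per user at logon; an interpreter here means a
    # script is executed, so the real StubPath command line is what needs recovering.
    base = path.lower().rsplit("\\", 1)[-1]
    if base in SHELLS:
        return [Finding("review", f"{key}: {path}", "Active Setup launches an interpreter; recover the StubPath command")]
    if not in_trusted_dir(path):
        return [Finding("warn", f"{key}: {path}", "Active Setup binary in an unusual location")]
    return []


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1).lower()
        elif m := SERVICE_RE.match(line):
            findings += check_service(m.group("name"), m.group("path"), m.group("stamp"))
        elif m := VALUE_RE.match(line):
            findings += check_value(current_key, m.group("name"), m.group("data"))
        elif "active setup" in current_key and (m := SETUP_FILE_RE.match(line)):
            findings += check_active_setup(current_key, m.group("path"))
    return findings
```

    Import it and call triage() on a full log. The directory rule is deliberately coarse (it will flag c:\windows\PLFSetI.exe from the Run key above as well), and anything marked review should be confirmed by looking at the file on disk from a 64-bit shell, where system32\drivers is not redirected, rather than acted on from the log alone.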
  15. 2012/04/19
    broni (Moderator, Malware Analyst) | Joined: 2002/08/01 | Messages: 21,701 | Likes Received: 116
    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2012/04/19
    nykrumrie (Inactive, Thread Starter)
    I do not notice any change after running ComboFix. The laptop still has all the same issues. It never shuts down cleanly. I always have to hold the power button down to turn it off so I can reboot. I unplugged everything except the power cable. I rebooted 3 times. This is crazy; it seems like after a reboot it might have all the icons at the bottom right. It boots up super fast (under 3 mins). I can click on empty space & the window comes up without any issue. I still get an explorer.exe error if I double-click Personalize. All the annoying problems seem to still be there, however. I then restart. Of course I have to hold the power down to shut it down. It reboots & this time the process takes longer. When the desktop appears I'm missing icons in the bottom right corner. I click on the empty desktop space & it causes explorer.exe to crash. It restarts, but it's worthless; I cannot launch most of the programs. I'm forced to reboot. Upon the next reboot I tend to get the good reboot like I described before.
    Other notes:
    - When I go to All Programs & double-click Windows Update, it acts like it's going to launch but it never does.
    - What does the yellow circle in the wifi signal meter icon mean? Here at home I always have it. But when I travel to different places I sometimes see the circle & sometimes I don't. Just thought I'd ask.

    I ran the OTL & will post the logs next. I have not rebooted since I ran the OTL scan.
     
  17. 2012/04/19
    nykrumrie (Inactive, Thread Starter)
    OTL is too big for 1 post. I'm cutting it in 2 parts.
    ==============================================
    OTL logfile created on: 4/19/2012 11:08:32 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\john.IBC1\Desktop\Fix Programs
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 72.02% Memory free
    11.79 Gb Paging File | 10.62 Gb Available in Paging File | 90.08% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.81 Gb Total Space | 12.69 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
    Drive D: | 120.35 Gb Total Space | 41.96 Gb Free Space | 34.86% Space Free | Partition Type: NTFS
    Drive J: | 14.96 Gb Total Space | 14.95 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: ROCCO-WIN7-X64 | User Name: john | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/19 22:40:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\john.IBC1\Desktop\Fix Programs\OTL.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/03/14 11:19:46 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2010/02/05 12:10:17 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2009/08/18 18:42:34 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/03/23 20:51:32 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/02/05 12:10:17 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/30 10:35:54 | 001,048,576 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
    SRV:64bit: - [2009/07/30 10:16:40 | 000,402,432 | ---- | M] (Red Bend Ltd.) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/27 19:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2012/04/14 13:27:08 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/14 11:19:46 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/14 23:12:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/08/19 22:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/01/06 12:13:00 | 000,056,832 | ---- | M] (Hitachi GST) [On_Demand | Stopped] -- C:\Program Files (x86)\Hitachi\Hitachi Backup\HitachiBackupService.exe -- (HitachiBackupService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/03/23 20:51:32 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/09/07 22:09:04 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
    DRV:64bit: - [2011/09/07 22:08:54 | 000,132,704 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
    DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/05/09 20:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2011/04/20 13:51:58 | 000,067,624 | ---- | M] (PEFIS Co.,Ltd) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\AST2200u.sys -- (ASTUSB2) POLYMATH Astar2200 series USB2.0 Driver (Ast2200u.sys)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/03/14 10:53:42 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/15 04:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
    DRV:64bit: - [2010/09/15 04:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/08/31 12:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
    DRV:64bit: - [2010/07/28 10:19:28 | 000,067,584 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
    DRV:64bit: - [2010/07/28 10:19:28 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
    DRV:64bit: - [2010/03/15 08:45:28 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2009/10/22 15:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/30 10:05:36 | 000,070,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel(R)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 21:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
    DRV:64bit: - [2009/06/10 16:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/06 18:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/12/02 15:01:42 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
    DRV - [2010/09/15 04:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2003/10/11 03:00:00 | 000,012,928 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Ast2200u.SYS -- (ASTUSB2) POLYMATH Astar2200 series USB2.0 Driver (Ast2200u.sys)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://www.google.com/search?q={searchTerms}
    IE - HKLM\..\SearchScopes\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}: "URL" = http://www.live.com/?q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={090EAFFA-CB63-4399-AE9C-8104093AF1B8}&mid=54135626aa8147d08d85d15650732158-8d9fe92e443fd0b1251281228e6ffc2f6e655618&lang=en&ds=is015&pr=sa&d=2012-03-22 20:56:49&v=10.2.0.3&sap=hp
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 63 9E 77 98 5E CB 01 [binary data]
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\SearchScopes\{51FD6F31-C0A7-440B-FB7E-82A5FFE11EEA}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z017&form=ZGAIDF
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=mvMOzvA9CykSl2gGpSORYje3sZ4?q={searchTerms}
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={090EAFFA-CB63-4399-AE9C-8104093AF1B8}&mid=54135626aa8147d08d85d15650732158-8d9fe92e443fd0b1251281228e6ffc2f6e655618&lang=en&ds=is015&pr=sa&d=2012-03-22 20:56:49&v=10.2.0.3&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\SearchScopes\{C86609C6-D809-43CD-B6BA-B6C05C2C92E4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ANT&o=102821&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=4N&apn_dtid=YYYYYYYYUS&apn_uid=3ba874f7-26f6-4801-a03d-e5d22cc50425&apn_sauid=E0C4DC07-DF99-487D-8C3A-A719281EC4FA
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://my.myway.com/"
    FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1.2
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
    FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.0
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1f529c22-0c82-49ab-891c-bbb5018f8118%7D&mid=54135626aa8147d08d85d15650732158-8d9fe92e443fd0b1251281228e6ffc2f6e655618&ds=is015&v=10.2.0.3&lang=en&pr=sa&d=2012-03-22%2020%3A56%3A49&sap=ku&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.16: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.16: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
    FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/04/09 12:32:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 18:36:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 15:24:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/15 10:55:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/04/12 15:24:44 | 000,000,000 | ---D | M]

    [2010/02/09 12:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Extensions
    [2010/02/09 12:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/04/19 12:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions
    [2011/12/09 11:00:01 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2012/02/13 13:12:08 | 000,000,000 | ---D | M] (References.TV Community Toolbar) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\{4b897551-0a2b-4159-99e7-3cd721caec78}
    [2012/03/30 09:56:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/05/01 22:01:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    [2011/04/12 11:25:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\engine@conduit.com
    [2010/02/06 23:32:02 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\firefox@tvunetworks.com
    [2012/01/03 11:17:38 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\foxmarks@kei.com
    [2011/03/22 20:34:34 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\ietab@ip.cn
    [2011/03/19 14:40:55 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\searchtoolbar@zugo.com
    [2010/09/18 22:56:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\john.IBC1\AppData\Roaming\mozilla\Firefox\Profiles\k4bd1r1m.default\extensions\vshareus@toolbar
    [2012/04/19 11:01:02 | 000,002,325 | ---- | M] () -- C:\Users\john.IBC1\AppData\Roaming\Mozilla\Firefox\Profiles\k4bd1r1m.default\searchplugins\askcom.xml
    [2010/03/04 11:46:16 | 000,001,819 | ---- | M] () -- C:\Users\john.IBC1\AppData\Roaming\Mozilla\Firefox\Profiles\k4bd1r1m.default\searchplugins\bing.xml
    [2012/03/18 18:37:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/17 09:38:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    () (No name found) -- C:\USERS\JOHN.IBC1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K4BD1R1M.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\JOHN.IBC1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K4BD1R1M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\JOHN.IBC1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K4BD1R1M.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
    [2012/03/18 18:36:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/05 17:06:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/22 20:56:44 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/10/03 13:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 10:33:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/04/19 21:23:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (no name) - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3852137769-1796420447-4257946896-1148\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} http://ibcoffice.dnsalias.net:81/AVC_AX_742.cab (AMCCtrl Class)
    O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://bygollys.dnsalias.net/DvrOcx.cab (DvrOcx Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ibc1.ibcbiometrics.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{265498E7-17C5-4F32-BAF0-8F51578684E7}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{396ABDBE-4640-4B82-B353-20177B32E9B6}: DhcpNameServer = 192.168.15.1
    O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/07 19:56:20 | 000,000,000 | RHSD | M] - J:\AUTORUN -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.aacacm - AACACM.acm (fccHandler)
    Drivers32:64bit: msacm.ac3acm - ac3acm.acm (fccHandler)
    Drivers32:64bit: msacm.ac3filter - ac3filter.acm ()
    Drivers32:64bit: msacm.avis - ff_acm.acm ()
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.l3pacm - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
    Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
    Drivers32:64bit: vidc.x264 - x264vfw.dll ()
    Drivers32: msacm.aacacm - C:\Windows\SysWow64\AACACM.acm (fccHandler)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3pacm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
    Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/19 21:30:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/19 21:30:05 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Local\temp
    [2012/04/19 21:23:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/04/19 20:44:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/19 20:44:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/19 20:44:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/19 20:43:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/19 20:43:52 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/19 20:43:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/19 11:03:36 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Roaming\Shark007
    [2012/04/19 11:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Shark007
    [2012/04/19 11:03:31 | 001,575,936 | ---- | C] (MPC-HC Team) -- C:\Windows\SysNative\VSFilter.dll
    [2012/04/19 11:03:31 | 000,360,960 | ---- | C] (fccHandler) -- C:\Windows\SysNative\aacacm.acm
    [2012/04/19 11:03:31 | 000,180,224 | ---- | C] (fccHandler) -- C:\Windows\SysNative\ac3acm.acm
    [2012/04/19 11:03:31 | 000,124,909 | ---- | C] (Open Source Software community project) -- C:\Windows\SysNative\pthreadGC2.dll
    [2012/04/19 11:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Shark007
    [2012/04/19 10:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
    [2012/04/19 10:59:24 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Roaming\Win7codecs
    [2012/04/19 10:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Win7codecs
    [2012/04/19 02:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
    [2012/04/12 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Local\ElevatedDiagnostics
    [2012/04/09 12:32:32 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    [2012/04/09 12:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
    [2012/04/06 15:56:58 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Local\{1986FC31-91F6-4D2F-9832-10EF87B4AD42}
    [2012/04/06 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\Desktop\Lutefisk
    [2012/04/06 15:55:06 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\Desktop\Convert US Mortise to 1Touch Install Vids
    [2012/04/03 09:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/04/03 09:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/04/03 09:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/04/03 09:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/03/30 13:44:23 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\Desktop\converted
    [2012/03/30 13:42:13 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Roaming\FastStone
    [2012/03/30 13:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
    [2012/03/30 13:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
    [2012/03/21 09:44:38 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Roaming\SUPERAntiSpyware.com
    [2012/03/21 09:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/03/21 04:21:49 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Roaming\Malwarebytes
    [2012/03/21 04:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/21 04:21:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/21 04:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 30 Days ==========

    [2012/04/19 23:06:01 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/19 23:06:01 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/19 22:58:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/19 22:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/19 21:23:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/19 20:39:24 | 000,000,936 | ---- | M] () -- C:\Users\john.IBC1\Desktop\ComboFix - Shortcut.lnk
    [2012/04/18 19:26:30 | 025,438,859 | ---- | M] () -- C:\Users\john.IBC1\Desktop\Battery pack issue on 2012 XL_1.mp4
    [2012/04/17 22:14:58 | 639,913,196 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/04/17 20:07:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/17 02:34:04 | 003,602,521 | ---- | M] () -- C:\regdll.bat
    [2012/04/13 10:36:20 | 001,639,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/13 10:36:20 | 000,463,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/13 10:36:20 | 000,006,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/13 10:34:57 | 000,001,065 | ---- | M] () -- C:\Users\john.IBC1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2012/04/09 22:35:03 | 000,006,554 | ---- | M] () -- C:\Users\john.IBC1\0
    [2012/04/09 12:32:32 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
    [2012/04/06 17:07:09 | 000,000,111 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/04 10:57:48 | 000,018,944 | ---- | M] () -- C:\Users\john.IBC1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/03 09:40:01 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/30 13:40:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    [2012/03/30 00:05:24 | 001,715,029 | ---- | M] () -- C:\Users\john.IBC1\Desktop\fingerprint-door-lock-trinity-788.pdf
    [2012/03/22 19:04:36 | 000,092,160 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
    [2012/03/22 19:03:40 | 000,053,760 | ---- | M] () -- C:\Windows\SysNative\ff_acm.acm
    [2012/03/22 19:00:40 | 000,048,128 | ---- | M] () -- C:\Windows\SysWow64\ff_acm.acm

    ========== Files Created - No Company Name ==========

    [2012/04/19 20:44:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/19 20:44:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/19 20:44:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/19 20:44:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/19 20:44:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/19 20:39:24 | 000,000,936 | ---- | C] () -- C:\Users\john.IBC1\Desktop\ComboFix - Shortcut.lnk
    [2012/04/19 11:03:31 | 004,587,008 | ---- | C] () -- C:\Windows\SysNative\x264vfw.dll
    [2012/04/19 11:03:31 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
    [2012/04/19 11:03:31 | 000,580,096 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
    [2012/04/19 11:03:31 | 000,205,824 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
    [2012/04/19 11:03:31 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
    [2012/04/19 11:03:31 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
    [2012/04/19 11:03:31 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\ff_acm.acm
    [2012/04/18 19:22:21 | 025,438,859 | ---- | C] () -- C:\Users\john.IBC1\Desktop\Battery pack issue on 2012 XL_1.mp4
    [2012/04/17 20:07:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/17 02:21:56 | 003,602,521 | ---- | C] () -- C:\regdll.bat
    [2012/04/09 22:35:00 | 000,006,554 | ---- | C] () -- C:\Users\john.IBC1\0
    [2012/04/03 09:40:01 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/30 13:40:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
    [2012/03/30 00:05:24 | 001,715,029 | ---- | C] () -- C:\Users\john.IBC1\Desktop\fingerprint-door-lock-trinity-788.pdf
    [2012/03/29 23:40:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/03/22 19:00:40 | 000,048,128 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
    [2012/03/15 07:40:28 | 004,826,112 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2012/03/14 14:07:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\VPN.dll
    [2012/01/09 20:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
    [2011/10/17 11:57:53 | 000,161,985 | ---- | C] () -- C:\Users\john.IBC1\AppData\Local\census.cache
    [2011/10/17 11:57:47 | 000,132,169 | ---- | C] () -- C:\Users\john.IBC1\AppData\Local\ars.cache
    [2011/10/17 11:50:42 | 000,000,036 | ---- | C] () -- C:\Users\john.IBC1\AppData\Local\housecall.guid.cache
    [2011/08/19 22:26:28 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
    [2011/08/19 22:26:28 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
    [2011/08/19 22:26:28 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
    [2011/08/17 11:33:28 | 000,007,648 | ---- | C] () -- C:\Users\john.IBC1\AppData\Local\resmon.resmoncfg
    [2011/05/20 01:26:53 | 000,000,241 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2011/05/20 01:26:53 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2011/05/20 01:26:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/05/20 01:26:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7340.DAT
    [2011/05/20 01:21:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
    [2011/05/20 01:21:35 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2011/05/20 01:21:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2011/05/20 01:21:14 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2011/05/20 01:21:05 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2011/05/20 01:18:25 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/03/24 14:42:09 | 000,038,433 | ---- | C] () -- C:\Users\john.IBC1\AppData\Roaming\Microsoft Excel 97-2003.ADR
    [2010/10/02 20:48:15 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/08/03 21:15:37 | 000,000,008 | RHS- | C] () -- C:\ProgramData\067B910D7E.sys
    [2010/08/03 21:15:36 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

    ========== LOP Check ==========

    [2010/01/30 18:08:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
    [2010/02/02 13:38:26 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
    [2011/09/07 22:11:27 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Acronis
    [2010/02/05 13:50:53 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/19 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Cyberduck
    [2010/04/29 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\DiskAid
    [2011/07/18 17:39:49 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\FileZilla
    [2010/10/08 03:54:29 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\FrostWire
    [2010/09/17 23:47:29 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\GrabPro
    [2011/03/25 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\HandBrake
    [2010/04/06 16:50:34 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\ImgBurn
    [2011/10/10 21:22:59 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\IObit
    [2011/06/14 12:03:44 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\JAM Software
    [2011/11/07 15:31:16 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Kayako
    [2010/03/08 19:50:40 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\MusicBrainz
    [2012/04/09 19:37:18 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Orbit
    [2012/03/30 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\PhotoScape
    [2010/09/17 23:45:18 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\ProgSense
    [2010/11/04 04:30:50 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Samsung
    [2012/04/19 12:05:08 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Shark007
    [2010/04/29 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\StreamTorrent
    [2010/07/15 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\SystemRequirementsLab
    [2011/11/17 13:06:36 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\TeamViewer
    [2010/02/09 12:13:59 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Thunderbird
    [2010/04/20 12:14:21 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Trillian
    [2011/07/15 13:17:20 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Ulead Systems
    [2012/03/27 10:06:30 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\uTorrent
    [2012/04/19 12:06:37 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Win7codecs
    [2010/10/21 14:36:09 | 000,000,000 | ---D | M] -- C:\Users\john.IBC1\AppData\Roaming\Windows Live Writer
    [2011/03/19 17:12:04 | 000,000,000 | -HSD | M] -- C:\Users\john.IBC1\AppData\Roaming\wyUpdate AU
    [2012/04/17 22:30:18 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  18. 2012/04/19
    nykrumrie
    duplicate
     
    Last edited by a moderator: 2012/04/19
  19. 2012/04/19
    nykrumrie
    duplicate
     
    Last edited by a moderator: 2012/04/19
  20. 2012/04/19
    nykrumrie
    I have no idea why that last post got sent twice; I only did it once. I also seem to be in a new thread. Here is part 2 of the OTL.txt:
    ==============================================


    ========== Custom Scans ==========

    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/10/02 16:04:13 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2012/04/19 21:29:56 | 000,021,977 | ---- | M] () -- C:\ComboFix.txt
    [2011/09/02 17:14:45 | 000,000,022 | ---- | M] () -- C:\DebugTraceAP.log
    [2012/04/19 22:58:15 | 4220,440,576 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/01 13:01:35 | 000,001,024 | ---- | M] () -- C:\PaypalHeader.htm
    [2012/04/17 02:34:04 | 003,602,521 | ---- | M] () -- C:\regdll.bat
    [2012/04/19 12:16:39 | 000,002,138 | ---- | M] () -- C:\TDSSKiller.2.7.29.0_19.04.2012_12.16.36_log.txt
    [2012/04/19 13:05:57 | 000,002,138 | ---- | M] () -- C:\TDSSKiller.2.7.29.0_19.04.2012_13.05.54_log.txt
    [2012/04/19 13:52:26 | 000,266,506 | ---- | M] () -- C:\TDSSKiller.2.7.29.0_19.04.2012_13.34.37_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/12 10:48:28 | 000,000,221 | -HS- | M] () -- C:\Users\john.IBC1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/08/08 13:57:22 | 000,723,712 | ---- | M] (Reincubate) -- C:\Users\john.IBC1\Desktop\iPhoneBackupExtractor.exe
    [2009/05/19 14:33:26 | 000,315,392 | ---- | M] (Polymath) -- C:\Users\john.IBC1\Desktop\ThumblockReset.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/19 22:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/19 22:58:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/17 22:30:18 | 000,032,580 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/04/11 04:02:43 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/04/11 04:02:43 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/04/10 11:31:30 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/04/10 11:31:30 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/15 11:13:45 | 000,000,402 | -HS- | M] () -- C:\Users\john.IBC1\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/03 21:15:37 | 000,000,008 | RHS- | M] () -- C:\ProgramData\067B910D7E.sys
    [2011/07/06 14:54:39 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/10/02 20:48:15 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/02/02 13:45:01 | 000,002,412 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2012/02/24 14:52:51 | 000,000,000 | ---D | M](C:\Users\john.IBC1\Favorites\TV?) -- C:\Users\john.IBC1\Favorites\TV

    < End of report >
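    Editor's note on reading the two OTL parts above: a helper triages these listings by eye for a few recurring patterns (a binary under %SystemRoot% whose version info carries no company name, a .sys file sitting outside a drivers directory, hidden+system files dropped in ProgramData, anything executable stamped within days of the scan) and, in the Extras log, checks that the shell\open\command values for exefile, batfile, cmdfile, comfile, piffile and scrfile are still the stock "%1" %* and "%1" /S. The Python below is an added example written for this archive; it is not OTL's code and not something anyone in the thread posted. It parses OTL file lines and Shell Spawning lines and applies exactly those checks. The heuristics, the seven-day window and the function names are this example's own choices; the sample file lines are copied from the logs in this thread, the scan time is the run time printed at the top of the Extras log, and the one exefile hijack line is constructed so the spawn check has something to report.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file/directory line, e.g.
#   [2012/04/19 20:44:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
# Directory lines carry no "(company)" field; an empty company prints as () or ( ).
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$")
# One "Shell Spawning" line from the OTL Extras log, e.g.   exefile [open] -- "%1" %*
SPAWN_LINE = re.compile(r"^(?P<key>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+?)\s*$")

EXEC_EXT = {".exe", ".dll", ".sys", ".acm", ".scr", ".bat", ".cmd", ".com", ".pif", ".ocx"}
# Stock Windows 7 shell\<verb>\command values for the classes a file-association hijack targets.
DEFAULT_SPAWN = {("exefile", "open"): '"%1" %*', ("batfile", "open"): '"%1" %*',
                 ("cmdfile", "open"): '"%1" %*', ("comfile", "open"): '"%1" %*',
                 ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S'}

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four columns: R(ead-only) H(idden) S(ystem) D(irectory); '-' when unset
    kind: str       # C = line came from a "Created" list, M = from a "Modified" list
    company: str    # version-info company name; "" when OTL printed () or ( )
    path: str

def extension(path: str) -> str:
    dot, sep = path.rfind("."), path.rfind("\\")
    return path[dot:].lower() if dot > sep else ""

def parse_file_line(line: str):
    """Return an OtlEntry for a file/directory line, or None for any other kind of line."""
    m = OTL_FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attr"], m["kind"],
                    (m["company"] or "").strip(), m["path"])

def triage_reasons(e: OtlEntry, now: datetime, recent_days: int = 7):
    """The checks a log reader applies by eye; a hit is a prompt to look closer, not a verdict."""
    reasons, p, ext = [], e.path.lower(), extension(e.path)
    if e.attrs[3] == "D":                      # directories carry no version info to judge
        return reasons
    in_sysroot = p.startswith("c:\\windows\\")
    if in_sysroot and ext in EXEC_EXT and not e.company:
        reasons.append("binary under %SystemRoot% with no company name")
    if ext == ".sys" and "\\drivers\\" not in p:
        reasons.append(".sys file outside a drivers directory")
    if e.attrs[1:3] == "HS" and not in_sysroot:
        reasons.append("hidden+system attributes outside %SystemRoot%")
    if in_sysroot and ext in EXEC_EXT and (now - e.timestamp).days <= recent_days:
        reasons.append(f"{e.kind}-stamp within {recent_days} days of the scan")
    return reasons

def triage_log(text: str, now: datetime):
    """Map each flagged path to its reasons; unflagged entries and non-file lines are dropped."""
    entries = filter(None, map(parse_file_line, text.splitlines()))
    return {e.path: r for e in entries if (r := triage_reasons(e, now))}

def check_shell_spawning(text: str):
    """Return (key, verb, actual_command) for spawn commands that differ from the stock value."""
    hits = [m for m in map(SPAWN_LINE.match, map(str.strip, text.splitlines())) if m]
    return [(m["key"], m["verb"], m["cmd"]) for m in hits
            if (m["key"], m["verb"]) in DEFAULT_SPAWN and m["cmd"] != DEFAULT_SPAWN[(m["key"], m["verb"])]]

# Sample input: file lines copied from the OTL output in this thread, plus one constructed
# exefile hijack line (not from the thread) so the spawn check has something to report.
SAMPLE_FILES = r"""
[2012/04/19 20:44:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/19 11:03:31 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/03 21:15:36 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/04/12 19:08:08 | 000,000,000 | ---D | C] -- C:\Users\john.IBC1\AppData\Local\ElevatedDiagnostics
[2012/04/19 22:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
"""
SAMPLE_SPAWN = r"""
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\john.IBC1\AppData\Local\hijack_sample.exe" "%1" %*
scrfile [open] -- "%1" /S
"""
SCAN_TIME = datetime(2012, 4, 19, 23, 8, 34)   # run time printed at the top of the Extras log

if __name__ == "__main__":
    for path, why in triage_log(SAMPLE_FILES, SCAN_TIME).items():
        print(path, "->", "; ".join(why))
    for key, verb, cmd in check_shell_spawning(SAMPLE_SPAWN):
        print(f"{key} [{verb}] is not the stock command: {cmd}")
```

    A flag is a reason to ask about a file, not a finding. Run over the full "Files Created - No Company Name" list above, the script flags PEV.exe, MBR.exe, sed.exe, grep.exe and zip.exe in C:\Windows; all five carry the same 20:44:02 stamp, five minutes after the ComboFix shortcut appeared on the desktop, and they are the helper tools ComboFix places in C:\Windows, so the timeline explains them. The Malwarebytes driver is not flagged because it carries a company name and lives under drivers. The hidden+system .sys files in ProgramData are flagged as the kind of entry a helper asks about, which is all the script claims. On the shell-spawning side, the Extras log in the next post shows every checked class at its stock value, so only the constructed line is reported.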
     
  21. 2012/04/19
    nykrumrie
    EXTRA.txt
    ========================
    OTL Extras logfile created on: 4/19/2012 11:08:34 PM - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\john.IBC1\Desktop\Fix Programs
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 72.02% Memory free
    11.79 Gb Paging File | 10.62 Gb Available in Paging File | 90.08% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.81 Gb Total Space | 12.69 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
    Drive D: | 120.35 Gb Total Space | 41.96 Gb Free Space | 34.86% Space Free | Partition Type: NTFS
    Drive J: | 14.96 Gb Total Space | 14.95 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: ROCCO-WIN7-X64 | User Name: john | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3852137769-1796420447-4257946896-1148\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\BioStar\Console\BioStar.exe" = C:\Program Files (x86)\BioStar\Console\BioStar.exe:*:Enabled:BioStar -- (Suprema)
    "C:\Program Files (x86)\BioStar\Console\BioStar.exe" = C:\Program Files (x86)\BioStar\Console\BioStar.exe:*:Enabled:BioStar -- (Suprema)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\BioStar\Console\BioStar.exe" = C:\Program Files (x86)\BioStar\Console\BioStar.exe:*:Enabled:BioStar -- (Suprema)
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\BioStar\Console\BioStar.exe" = C:\Program Files (x86)\BioStar\Console\BioStar.exe:*:Enabled:BioStar -- (Suprema)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
    "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
    "{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
    "{95140000-007F-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "LSI Soft Modem" = LSI HDA Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "ProInst" = Intel PROSet Wireless
    "x64 Components_is1" = x64 Components v3.6.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{0a45f664-3557-48b6-808d-79e58eed5153}" = Nero 9 Lite
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{243E10D8-64EA-427F-AB50-595A54CA12F3}" = QuickBooks Enterprise Solutions 12.0
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294EA84A-B5AA-4C41-90EF-144A2A7EAA16}" = QuickBooks
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7340
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{55268C00-5CC6-4471-808A-4768A86D903E}" = ThumbLock Management (PCMU)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}" = QuickVPN Client
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A9CA9F4-882C-4507-8557-5B576463A162}" = Hitachi LifeStudio 1.0.5.741 & Hitachi Backup 1.0.5.57
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84513125-0BC7-46F8-BE1E-309263B79AE2}" = Xmarks Thumbnails for IE
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8BC4ED93-2FCA-4938-8FF0-F56B73E3C82D}" = BioStar 1.36 Client
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{B282226A-5BCB-4458-808B-9AC7CD7DC6BE}" = BioStar VideoPhone
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Adobe AIR" = Adobe AIR
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "dips64" = Desktop Icon Position Saver (64-bit)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "FastStone Image Viewer" = FastStone Image Viewer 4.6
    "FileZilla Client" = FileZilla Client 3.5.0
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
    "Google Desktop" = Google Desktop
    "Graboid Video" = Graboid Video 1.71
    "HandBrake" = HandBrake 0.9.5
    "ImgBurn" = ImgBurn
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{8BC4ED93-2FCA-4938-8FF0-F56B73E3C82D}" = BioStar 1.36 Client
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
    "LiveResponse" = Kayako Desktop
    "LiveZilla" = LiveZilla
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "Open record" = Open record
    "OpenSSL_is1" = OpenSSL 0.9.8d
    "Orbit_is1" = Orbit Downloader
    "PhotoScape" = PhotoScape
    "Smart Defrag 2_is1" = Smart Defrag 2
    "SopCast" = SopCast 3.2.4
    "StreamTorrent 1.0" = StreamTorrent 1.0
    "SystemRequirementsLab" = System Requirements Lab
    "TeamViewer 6" = TeamViewer 6
    "TVAnts 1.0" = TVAnts 1.0
    "TVUPlayer" = TVUPlayer 2.5.0.1
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.16
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.0.1
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/19/2012 7:42:01 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions
    12.0 ": DB error -101 ErrorMessage:'Not connected to a database' from file:'.\.\src\DMSQLTransaction.cpp'
    at line 175 from function:'DBMgr::SADMTransaction::DBSQLCommi

    Error - 4/19/2012 7:45:20 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 7:52:52 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 8:37:38 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 8:54:10 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = System Restore | ID = 8193
    Description =

    Error - 4/19/2012 9:21:33 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 9:39:45 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 10:45:54 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 10:53:55 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 4/19/2012 10:59:01 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Media Center Events ]
    Error - 3/7/2010 4:29:07 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = MCUpdate | ID = 0
    Description = 3:29:05 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
    404: The requested URL does not exist on the server. )

    Error - 3/24/2010 10:28:29 AM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = MCUpdate | ID = 0
    Description = 10:28:19 AM - Failed to retrieve Directory (Error: The operation has
    timed out)

    Error - 3/25/2010 9:49:21 AM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = MCUpdate | ID = 0
    Description = 9:48:35 AM - Error connecting to the internet. 9:49:16 AM - Unable
    to contact server..

    Error - 4/9/2010 9:14:56 AM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = MCUpdate | ID = 0
    Description = 9:14:56 AM - Failed to retrieve Directory (Error: The underlying connection
    was closed: An unexpected error occurred on a receive.)

    Error - 4/21/2010 9:26:22 AM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = MCUpdate | ID = 0
    Description = 9:26:16 AM - Failed to retrieve SportsV2 (Error: The operation has
    timed out)

    Error - 5/10/2010 3:21:43 AM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = MCUpdate | ID = 0
    Description = 3:21:10 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
    status 404: The requested URL does not exist on the server. )

    [ System Events ]
    Error - 4/19/2012 10:56:42 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = TermService | ID = 1067
    Description =

    Error - 4/19/2012 10:56:52 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Service Control Manager | ID = 7024
    Description = The Dritek WMI Service service terminated with service-specific error
    %%0.

    Error - 4/19/2012 10:58:28 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Service Control Manager | ID = 7000
    Description = The POLYMATH Astar2200 series USB2.0 Driver (Ast2200u.sys) service
    failed to start due to the following error: %%577

    Error - 4/19/2012 10:58:32 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 4/19/2012 10:58:48 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-Time-Service | ID = 46
    Description = The time service encountered an error and was forced to shut down.
    The error was: 0x80070700: An attempt was made to logon, but the network logon
    service was not started.

    Error - 4/19/2012 10:58:48 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Service Control Manager | ID = 7023
    Description = The Windows Time service terminated with the following error: %%1792

    Error - 4/19/2012 10:58:55 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-Time-Service | ID = 46
    Description = The time service encountered an error and was forced to shut down.
    The error was: 0x80070700: An attempt was made to logon, but the network logon
    service was not started.

    Error - 4/19/2012 10:58:55 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Service Control Manager | ID = 7023
    Description = The Windows Time service terminated with the following error: %%1792

    Error - 4/19/2012 10:59:40 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
    Description = The processing of Group Policy failed because of lack of network connectivity
    to a domain controller. This may be a transient condition. A success message would
    be generated once the machine gets connected to the domain controller and Group
    Policy has succesfully processed. If you do not see a success message for several
    hours, then contact your administrator.

    Error - 4/19/2012 11:01:54 PM | Computer Name = ROCCO-WIN7-X64.ibc1.ibcbiometrics.com | Source = TermService | ID = 1067
    Description =


    < End of report >