Infected with Google Redirect Virus


  • This topic is locked
17 replies to this topic

#1 Treefarn

  • Members
  • 29 posts

Posted 29 September 2011 - 02:44 PM

I seem to have a Google redirect virus. I had previously posted here: http://www.bleepingcomputer.com/forums/topic420082.html

I was told to open another thread on this forum, so here it is.

I physically removed the entire folder for 'Rosetta Stone' as requested in the other thread. It should be noted that that folder, that download, has never been accessed on this computer. That was downloaded on a previous computer. When we got a new computer, I copied over what I thought were important personal folders onto this new computer. No one has ever touched anything in that folder on this computer. I copied over that folder to this computer about 8 months ago, but the google redirect issue started about 2 weeks ago, so I am not certain this is the cause.

As for my issue, my links on a Google or Yahoo search page are redirecting elsewhere. It does not affect any searches on encrypted.google.com.

My DDS log is below; my attach.txt file is attached. The GMER tool did not allow me to check or uncheck any options, so I ran with the defaults (there were 5 checks: c:, services, registry, files and ADS). It did not produce a log, but said that it did not find any modifications.

I thank you in advance for your assistance.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by neil at 14:45:49 on 2011-09-29
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3894.1737 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\neil\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\AwesomiumProcess.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\AwesomiumProcess.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://mail.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {0ea42554-1f15-43de-8fd7-498ed2c5a5c2} - C:\Users\neil\AppData\Local\SecuritySys32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
uRun: [Google Update] "C:\Users\neil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Eye-Fi Update] C:\Users\neil\AppData\Local\Eye-Fi\Eye-FiUpdate\Eye-Fiupdt32.exe
uRun: [WindowsTrayVerifier] rundll32.exe "C:\ProgramData\WindowsTrayVerifier.dll",DllRegisterServer
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Eye-Fi Update] C:\Users\neil\AppData\Local\Eye-Fi\Eye-FiUpdate\Eye-Fiupdt32.exe
StartupFolder: C:\Users\neil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\neil\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\neil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rwa.webex.com/client/T26L10NSP49EP30/support/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13BF5874-5776-4FDD-AAEA-C54EDB71E252} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\27564727561647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\37475696E686F6D656 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\74E4536303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\8365337583 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\84F4D454 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\84F4D454D224443483 : DhcpNameServer = 68.87.64.150 68.87.75.198
TCP: Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}\E4544574541425 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Users\neil\AppData\Local\SecuritySys32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-20c577f966e441d9\NPRobloxProxy.dll
FF - plugin: C:\Users\neil\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\neil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-19 98208]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-5-3 20376]
R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-20 1153368]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-3 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-3 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-10 174440]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-09-29 10:58:05 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F946BDC-9ED5-407E-AF09-8F4772CF1028}\offreg.dll
2011-09-29 01:34:08 -------- d-----w- C:\Program Files (x86)\KalemSoft
2011-09-27 10:30:23 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F946BDC-9ED5-407E-AF09-8F4772CF1028}\mpengine.dll
2011-09-23 00:59:24 90112 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-09-21 18:37:06 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-09-20 18:54:41 257024 ----a-w- C:\Users\neil\AppData\Local\SecuritySys32.dll
2011-09-19 02:02:33 -------- d-----w- C:\ProgramData\OrbNetworks
2011-09-19 02:01:55 -------- d-----w- C:\Program Files (x86)\Orb Networks
2011-09-19 00:53:32 -------- d-----w- C:\Users\neil\AppData\Roaming\Jason Robitaille
2011-09-19 00:52:56 -------- d-----w- C:\Program Files\Palm, Inc
2011-09-17 12:35:33 -------- d-----w- C:\Users\neil\Calibre Library
2011-09-17 12:35:30 -------- d-----w- C:\Users\neil\AppData\Roaming\calibre
2011-09-17 12:35:10 -------- d-----w- C:\Program Files (x86)\Calibre2
2011-09-15 21:11:41 -------- d-----w- C:\Users\neil\AppData\Local\LEGO Software
2011-09-15 21:05:25 -------- d-----w- C:\Users\neil\AppData\Local\Chromium
2011-09-15 21:05:12 -------- d-----w- C:\Program Files (x86)\LEGO Software
2011-09-15 21:03:36 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-15 21:03:36 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
.
==================== Find3M ====================
.
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-27 23:59:27 415408 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 14:47:05.80 ===============


#2 snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender: Male
  • Location: Poland

Posted 04 October 2011 - 05:08 AM

Hi Treefarn!

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Treefarn

  • Topic Starter
  • Members
  • 29 posts

Posted 04 October 2011 - 06:22 AM

One other thing to note. Recently, about the same time I deleted the 'Rosetta Stone' folder, I started getting an error when I first turn on my computer. Not sure if it's related, but the error is "There was a problem starting C:\ProgramData\WindowsTrayVerifier.dll. The specified module could not be found." When I ran the MBAM below and restarted the computer, it did NOT occur.

Here is the MBAM log. The other logs will follow:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7864

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/4/2011 7:21:16 AM
mbam-log-2011-10-04 (07-21-16).txt

Scan type: Quick scan
Objects scanned: 202409
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0EA42554-1F15-43DE-8FD7-498ED2C5A5C2} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA42554-1F15-43DE-8FD7-498ED2C5A5C2} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EA42554-1F15-43DE-8FD7-498ED2C5A5C2} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EA42554-1F15-43DE-8FD7-498ED2C5A5C2} (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Eye-Fi Update (Trojan.SHarpro.PGen) -> Value: Eye-Fi Update -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsTrayVerifier (Trojan.SHarpro.PGen) -> Value: WindowsTrayVerifier -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\neil\local settings\application data\securitysys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.
c:\Users\neil\AppData\Local\securitysys32.dll (Trojan.SHarpro.Gen) -> Quarantined and deleted successfully.

Edited by Treefarn, 04 October 2011 - 06:39 AM.
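Added example, not code from this thread, from DDS, or from Malwarebytes: a script that parses the BHO, Run, policy and Firefox lines of the DDS "Pseudo HJT Report" from the first post and applies the heuristics a malware-response helper applies by eye: a binary loaded from a user-writable location (worst when dropped straight into %ProgramData% or the root of the user's AppData tree with no vendor subfolder), a BHO with no display name, rundll32 loading a DLL from a Run key, UAC policy values set to 0, and a Firefox search preference pointing at a host other than the engines the user chose. It also lists Run entries whose image no longer exists on disk, which is what produces the logon error quoted in this post ("The specified module could not be found") once a DLL has been removed but the Run value that loads it has not. The sample lines are copied from the first post's log; the list of trusted search hosts, the set of files treated as still present, and all function names are assumptions of the example.

```python
"""Triage of DDS 'Pseudo HJT Report' lines plus a check for orphaned autostarts.
Added example: not code from this thread, from DDS, or from Malwarebytes."""
from __future__ import annotations
import re
from typing import Callable

# Sample input: lines copied from the DDS log in the first post of the thread.
SAMPLE_LOG = r"""
BHO: {0ea42554-1f15-43de-8fd7-498ed2c5a5c2} - C:\Users\neil\AppData\Local\SecuritySys32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
uRun: [Google Update] "C:\Users\neil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Eye-Fi Update] C:\Users\neil\AppData\Local\Eye-Fi\Eye-FiUpdate\Eye-Fiupdt32.exe
uRun: [WindowsTrayVerifier] rundll32.exe "C:\ProgramData\WindowsTrayVerifier.dll",DllRegisterServer
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
"""

BHO_RE = re.compile(r"^BHO(?:-X64)?:\s*(?:(?P<name>[^{]*?):\s*)?\{[0-9A-Fa-f-]{36}\}\s*-\s*(?P<path>.+)$")
RUN_RE = re.compile(r"^[umd]Run(?:-x64)?:\s*\[[^\]]*\]\s*(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<url>\S+)$")
# A file directly in %ProgramData% or in the root of a user's AppData tree (no vendor
# subfolder) is a classic dropper location; anything under a user-writable tree gets a look.
ROOT_DROP = re.compile(r"^[A-Za-z]:\\(?:ProgramData|Users\\[^\\]+\\AppData\\(?:Local|Roaming|LocalLow))\\[^\\]+$", re.I)
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp|Users\\Public)\\", re.I)
UAC_WEAKENING = {"enablelua": "UAC disabled",  # what each policy value means when it is 0
                 "consentpromptbehavioradmin": "administrators elevate without a prompt",
                 "promptonsecuredesktop": "elevation prompts not on the secure desktop"}
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL"}
TRUSTED_SEARCH_HOSTS = ("google.com", "yahoo.com", "bing.com")  # assumed: engines the user chose


def extract_image(cmd: str) -> tuple[str, bool]:
    """Return (image path, loaded via rundll32) for a Run-key command line."""
    cmd = cmd.strip()
    via_rundll32 = cmd.lower().startswith("rundll32")
    if via_rundll32:  # the image of interest is the DLL argument, not rundll32 itself
        parts = cmd.split(None, 1)
        cmd = parts[1] if len(parts) > 1 else ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), via_rundll32
    m = re.match(r"(.+?\.(?:exe|dll|scr|cpl))(?=[\s,]|$)", cmd, re.I)
    return (m.group(1) if m else (cmd.split(maxsplit=1)[0] if cmd else "")), via_rundll32


def host_of(url: str) -> str:
    """Hostname of a URL; accepts the hxxp:// defanging DDS logs use."""
    m = re.match(r"^[a-z]+://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def assess_path(path: str, reasons: list[str]) -> None:
    path = path.strip()
    if path.lower() == "no file":
        reasons.append("orphaned entry (No File)")
    elif ROOT_DROP.match(path):
        reasons.append("binary dropped directly into a user-writable root")
    elif USER_WRITABLE.search(path):
        reasons.append("binary under a user-writable directory")


def triage(report: str) -> list[tuple[str, list[str]]]:
    """Apply the heuristics line by line. Each reason is a lead to review, not a verdict."""
    findings = []
    for raw in report.splitlines():
        line, reasons = raw.strip(), []
        if m := BHO_RE.match(line):
            if not m.group("name"):
                reasons.append("BHO with no display name")
            assess_path(m.group("path"), reasons)
        elif m := RUN_RE.match(line):
            image, via_rundll32 = extract_image(m.group("cmd"))
            if via_rundll32:
                reasons.append("rundll32 loads a DLL from a Run key")
            assess_path(image, reasons)
        elif m := POLICY_RE.match(line):
            meaning = UAC_WEAKENING.get(m.group("name").lower())
            if meaning and m.group("value") == "0":
                reasons.append(f"UAC weakened: {meaning}")
        elif (m := FF_RE.match(line)) and m.group("pref") in SEARCH_PREFS:
            host = host_of(m.group("url"))  # exact host or subdomain of a trusted engine only
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_SEARCH_HOSTS):
                reasons.append(f"Firefox search pref points at {host}")
        if reasons:
            findings.append((line, reasons))
    return findings


def orphaned_autostarts(report: str, exists: Callable[[str], bool]) -> list[str]:
    """Run-key images that `exists` cannot find: the cause of the logon error 'The specified
    module could not be found' once a DLL is deleted but its Run value is not. `exists` is
    injected: os.path.exists on the affected machine, or a constructed set of paths."""
    missing = []
    for raw in report.splitlines():
        if m := RUN_RE.match(raw.strip()):
            image, _ = extract_image(m.group("cmd"))
            if image and not exists(image):
                missing.append(image)
    return missing
```

On the sample lines, triage() reports eight leads. They include the three entries MBAM quarantined in this post (the unnamed BHO SecuritySys32.dll, the WindowsTrayVerifier rundll32 entry and the Eye-Fi Update value), the orphaned BHO CLSID, the two UAC policies set to 0, and the Conduit search URL; the eighth is Google Update, which legitimately lives under AppData and is there to show that the output is a list of leads to review, not a verdict. Given a set of files still on disk that lacks WindowsTrayVerifier.dll, orphaned_autostarts() returns only that DLL, which is the Run entry behind the startup message.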


#4 Treefarn

  • Topic Starter
  • Members
  • 29 posts

Posted 04 October 2011 - 06:39 AM

OTL logfile created on: 10/4/2011 7:27:06 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\neil\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 62.30% Memory free
7.60 Gb Paging File | 6.06 Gb Available in Paging File | 79.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS

Computer Name: NEIL-PC | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 07:26:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\neil\Downloads\OTL.exe
PRC - [2011/09/07 22:23:00 | 000,652,248 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
PRC - [2011/09/07 22:22:56 | 001,099,736 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
PRC - [2011/09/07 22:21:50 | 000,539,648 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\neil\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/03 12:47:13 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/04/25 08:20:26 | 000,669,040 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/04/16 09:06:46 | 003,817,080 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2011/02/18 16:39:54 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2009/03/05 20:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 19:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/03/07 21:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [1999/12/13 13:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/23 16:55:38 | 000,250,368 | ---- | M] () -- C:\ProgramData\OrbNetworks\Orbjets\downloaded\com.orbnetworks.orb.orbjets.pandorarpc\PandoraRpc.dll
MOD - [2011/09/21 12:03:49 | 000,199,680 | ---- | M] () -- C:\ProgramData\OrbNetworks\Orbjets\downloaded\com.orbnetworks.orb.orbjets.sirius\Sirius.dll
MOD - [2011/09/07 22:23:00 | 000,652,248 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
MOD - [2011/09/07 22:22:52 | 002,569,728 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtCore4.dll
MOD - [2011/09/07 22:22:52 | 000,306,688 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qtiff4.dll
MOD - [2011/09/07 22:22:52 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qmng4.dll
MOD - [2011/09/07 22:22:52 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qjpeg4.dll
MOD - [2011/09/07 22:22:52 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qico4.dll
MOD - [2011/09/07 22:22:52 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qgif4.dll
MOD - [2011/09/07 22:22:50 | 009,078,784 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtGui4.dll
MOD - [2011/09/07 22:22:48 | 001,090,048 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtNetwork4.dll
MOD - [2011/09/07 22:22:34 | 003,342,336 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtXmlPatterns4.dll
MOD - [2011/09/07 22:22:34 | 000,382,976 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtXml4.dll
MOD - [2011/09/07 22:22:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\libexpat.dll
MOD - [2011/09/07 22:22:30 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\libupnp.dll
MOD - [2011/09/07 22:22:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\boost_filesystem-vc90-mt-1_35.dll
MOD - [2011/09/07 22:22:30 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\zlib1.dll
MOD - [2011/09/07 22:22:30 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\boost_system-vc90-mt-1_35.dll
MOD - [2011/09/07 22:22:28 | 000,478,208 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\sqlite3.dll
MOD - [2011/09/07 22:22:16 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\PuckInterface.dll
MOD - [2011/09/07 22:22:12 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orbjets\com.orbnetworks.orb.orbjets.netflix\Netflix.dll
MOD - [2011/09/07 22:22:12 | 000,175,104 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orbjets\com.orbnetworks.orb.orbjets.internetradios\InternetRadios.dll
MOD - [2011/09/07 22:22:10 | 000,377,856 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\usGrabber\TVGrabber.dll
MOD - [2011/09/07 22:22:10 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\lua51.dll
MOD - [2011/09/07 22:22:10 | 000,113,152 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\lua51-lanes.dll
MOD - [2011/09/07 22:22:00 | 000,203,264 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbStats.dll
MOD - [2011/09/07 22:21:58 | 000,561,664 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbPVR.dll
MOD - [2011/09/07 22:21:58 | 000,269,824 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbRTSPServer.dll
MOD - [2011/09/07 22:21:58 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbRemoteLogger.dll
MOD - [2011/09/07 22:21:56 | 000,459,264 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\taglib.dll
MOD - [2011/09/07 22:21:54 | 001,867,776 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbMedia.dll
MOD - [2011/09/07 22:21:54 | 000,476,160 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbImageProcessing.dll
MOD - [2011/09/07 22:21:50 | 000,864,256 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbDMS.dll
MOD - [2011/09/07 22:21:50 | 000,735,232 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbAPI.dll
MOD - [2011/09/07 22:21:48 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\CabClient.dll
MOD - [2011/09/07 22:21:48 | 000,265,728 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\CabDirectory.dll
MOD - [2011/04/16 08:54:52 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
MOD - [2011/04/16 08:53:28 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
MOD - [2011/03/21 17:30:06 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/17 17:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/17 17:16:34 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/03/07 21:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2006/10/19 13:27:06 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/24 21:16:58 | 000,072,192 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/06/24 19:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 14:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/03 12:47:13 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/04/25 08:20:26 | 000,669,040 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 19:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [1999/12/13 13:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/25 07:59:18 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/19 14:29:36 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/14 06:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/31 13:09:30 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 08:42:58 | 007,821,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 8D 78 1F 07 B8 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 54 25 A4 0E 15 1F DE 43 8F D7 49 8E D2 C5 A5 C2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-9d8ee47fdc21422e\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\neil\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\neil\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\neil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 05:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 21:57:56 | 000,000,000 | ---D | M]

[2011/01/19 14:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neil\AppData\Roaming\Mozilla\Extensions
[2011/09/25 08:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions
[2011/09/24 12:05:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee}
[2011/09/07 16:54:19 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2011/09/22 16:44:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668}
[2011/09/23 20:25:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352}
[2011/09/21 06:51:03 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5}
[2011/01/21 09:04:25 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/09/22 21:06:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d}
[2011/10/03 19:45:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472}
[2011/05/05 18:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/26 18:53:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/10/01 05:56:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/11/09 17:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2007/11/09 17:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2007/11/09 17:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\logging.dll
[2011/06/21 09:14:19 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/01/26 18:53:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/11/09 17:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2007/11/09 17:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/05/05 19:06:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/01/20 09:42:22 | 000,002,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\neil\AppData\Local\Google\Chrome\Application\15.0.874.58\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\neil\AppData\Local\Google\Chrome\Application\15.0.874.58\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\neil\AppData\Local\Google\Chrome\Application\15.0.874.58\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-20c577f966e441d9\\NPRobloxProxy.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\neil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\

O1 HOSTS File: ([2011/09/14 22:04:26 | 000,000,909 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [Eye-Fi] C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\neil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rwa.webex.com/client/T26L10NSP49EP30/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BF5874-5776-4FDD-AAEA-C54EDB71E252}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/29 14:51:31 | 000,000,000 | ---D | C] -- C:\Users\neil\Desktop\gmer
[2011/09/28 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KalemSoft Media Streamer
[2011/09/28 21:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KalemSoft
[2011/09/22 20:59:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/09/21 14:37:06 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/21 14:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/18 22:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/18 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/18 22:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\OrbNetworks
[2011/09/18 22:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orb Networks
[2011/09/18 22:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orb Networks
[2011/09/18 20:53:32 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Jason Robitaille
[2011/09/18 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/09/18 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2011/09/17 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\neil\Calibre Library
[2011/09/17 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\calibre
[2011/09/17 08:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2011/09/17 08:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011/09/15 17:11:41 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\LEGO Software
[2011/09/15 17:05:25 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\Chromium
[2011/09/15 17:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Software
[2011/09/15 17:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Software
[2011/09/15 17:03:36 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2011/09/15 05:24:06 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/09/08 17:57:30 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[3 C:\Users\neil\Desktop\*.tmp files -> C:\Users\neil\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/04 07:31:19 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 07:31:19 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 07:26:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-166646584-2440772593-2375907263-1000UA.job
[2011/10/04 07:24:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 07:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 07:23:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/03 22:47:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 20:04:20 | 000,729,969 | ---- | M] () -- C:\Users\neil\Desktop\NakbaNonsense.pdf
[2011/10/02 20:26:41 | 000,002,354 | ---- | M] () -- C:\Users\neil\Desktop\Google Chrome.lnk
[2011/10/01 06:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-166646584-2440772593-2375907263-1000Core.job
[2011/10/01 05:57:04 | 000,002,052 | ---- | M] () -- C:\Users\neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/29 19:51:48 | 001,001,665 | ---- | M] () -- C:\Users\neil\Desktop\Reg and Ins.jpg
[2011/09/29 14:48:01 | 000,294,216 | ---- | M] () -- C:\Users\neil\Desktop\gmer.zip
[2011/09/29 14:45:02 | 000,000,000 | ---- | M] () -- C:\Users\neil\defogger_reenable
[2011/09/28 21:34:09 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\KSMediaStreamer.exe.lnk
[2011/09/28 18:50:04 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 18:50:04 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 18:50:04 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/24 14:37:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/24 14:37:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/22 22:09:25 | 000,001,282 | ---- | M] () -- C:\Users\neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/22 22:09:25 | 000,001,258 | ---- | M] () -- C:\Users\neil\Desktop\Spybot - Search & Destroy.lnk
[2011/09/21 14:37:06 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/21 12:50:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 14:54:41 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/09/18 22:02:45 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Orb Caster.lnk
[2011/09/18 22:02:01 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Orb Mini Controller.lnk
[2011/09/18 20:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2011/09/17 08:35:24 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/09/15 17:05:14 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Universe.lnk
[2011/09/15 17:03:36 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2011/09/15 05:24:06 | 000,001,019 | ---- | M] () -- C:\Users\neil\Desktop\Handbrake.lnk
[2011/09/14 17:16:54 | 000,002,004 | -H-- | M] () -- C:\Users\neil\Documents\Default.rdp
[2011/09/11 09:09:10 | 000,002,170 | ---- | M] () -- C:\Users\neil\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/09/11 09:09:10 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Digital Designer.lnk
[3 C:\Users\neil\Desktop\*.tmp files -> C:\Users\neil\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/03 20:04:20 | 000,729,969 | ---- | C] () -- C:\Users\neil\Desktop\NakbaNonsense.pdf
[2011/09/29 19:51:48 | 001,001,665 | ---- | C] () -- C:\Users\neil\Desktop\Reg and Ins.jpg
[2011/09/29 14:51:15 | 000,294,216 | ---- | C] () -- C:\Users\neil\Desktop\gmer.zip
[2011/09/29 14:45:02 | 000,000,000 | ---- | C] () -- C:\Users\neil\defogger_reenable
[2011/09/28 21:34:09 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\KSMediaStreamer.exe.lnk
[2011/09/24 13:07:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/24 13:07:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/18 22:02:45 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Orb Caster.lnk
[2011/09/18 22:02:01 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Orb Mini Controller.lnk
[2011/09/18 20:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2011/09/17 08:35:24 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/09/15 17:05:14 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\LEGO Universe.lnk
[2011/09/15 05:24:06 | 000,001,019 | ---- | C] () -- C:\Users\neil\Desktop\Handbrake.lnk
[2011/08/27 19:59:40 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/08/14 11:21:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/08/07 20:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/06/18 12:29:47 | 000,000,026 | ---- | C] () -- C:\Windows\MINIvue.INI
[2011/06/11 16:10:48 | 000,186,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/02 07:25:53 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/30 20:54:10 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/02/15 07:00:43 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/02/15 07:00:43 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/02/15 07:00:19 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/15 07:00:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/02/15 06:59:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/02/15 06:59:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/02/15 06:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/01/23 11:16:11 | 000,007,630 | ---- | C] () -- C:\Users\neil\AppData\Local\Resmon.ResmonCfg
[2011/01/21 09:44:33 | 000,018,432 | ---- | C] () -- C:\Users\neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/20 09:54:02 | 000,003,417 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Shorten Codec.dat
[2011/01/20 09:53:41 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/01/20 09:52:35 | 000,010,105 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/01/20 09:52:34 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/01/20 09:52:34 | 000,014,057 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/19 14:33:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/31 13:09:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/31 13:09:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/31 13:09:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/31 13:09:20 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/31 13:09:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/25 09:01:55 | 000,001,567 | ---- | M] () -- C:\aaw7boot.log
[2011/10/04 07:23:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 13:04:22 | 000,001,073 | ---- | M] () -- C:\mbam-log-2011-09-24 (13-03-30).txt
[2011/10/04 07:23:46 | 4083,007,488 | -HS- | M] () -- C:\pagefile.sys
[2011/09/24 12:55:00 | 000,076,994 | ---- | M] () -- C:\TDSSKiller.2.6.0.0_24.09.2011_12.53.20_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

---------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 10/4/2011 7:27:06 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\neil\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 62.30% Memory free
7.60 Gb Paging File | 6.06 Gb Available in Paging File | 79.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS

Computer Name: NEIL-PC | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09F32959-18D6-48AD-9A71-177016CD34CF}" = Eye-Fi Helper 3.3
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3D0ED490-BFAB-46F8-9AFB-0DAE0C90AC9E}" = calibre
"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAF36706-E01C-40A7-9F78-7264B0C74916}" = KalemSoft Media Streamer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D9D2AD-8CDC-C248-3AA5-5DCCFE4AAB8C}" = Eye-Fi Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DVDFab 8_is1" = DVDFab 8.0.7.2 (26/01/2011)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"fi.eye.center.E430518E652B889A80EC0E8A6E532C09FF36DF62.1" = Eye-Fi Center
"HandBrake" = HandBrake 0.9.5
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"New LEGO Digital Designer" = LEGO Digital Designer
"Orb" = Orb
"Orb Mini Controller" = Orb Mini Controller
"Picasa 3" = Picasa 3
"Spotify" = Spotify
"ZEN Vision:M Series Media Explorer" = ZEN Vision:M Series Media Explorer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2011 7:43:40 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x117c Faulting application start time: 0x01cc7e385591735a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: b0c366db-ea2b-11e0-82cd-68b599632355

Error - 9/29/2011 7:49:28 AM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/29/2011 12:57:06 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x1410 Faulting application start time: 0x01cc7ec81df33bd4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: 0f31dfb9-eabc-11e0-828f-68b599632355

Error - 9/29/2011 12:57:31 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0xee8 Faulting application start time: 0x01cc7ec8d6461361 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: 1e9b426e-eabc-11e0-828f-68b599632355

Error - 9/29/2011 1:00:37 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x1450 Faulting application start time: 0x01cc7ebb289af72b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: 8d2f754e-eabc-11e0-828f-68b599632355

Error - 9/30/2011 7:45:35 AM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/1/2011 7:34:47 AM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WizardGraphicalClient.exe, version: 0.0.0.0,
time stamp: 0x4e617a06 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x0002df00 Faulting
process id: 0x1ab0 Faulting application start time: 0x01cc802d5dd347e7 Faulting application
path: C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 5d377f24-ec21-11e0-9ee3-68b599632355

Error - 10/2/2011 9:48:19 PM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/3/2011 8:16:55 AM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/3/2011 5:37:27 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x608 Faulting application start time: 0x01cc81c8eb706790 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: e34a3468-ee07-11e0-973e-68b599632355

[ System Events ]
Error - 9/5/2011 3:09:30 AM | Computer Name = neil-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 9/8/2011 8:06:02 PM | Computer Name = neil-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/8/2011 8:06:33 PM | Computer Name = neil-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/11/2011 8:25:30 AM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/11/2011 9:50:42 PM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/14/2011 8:37:10 PM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/22/2011 12:00:41 AM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/22/2011 4:43:35 PM | Computer Name = neil-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RtVOsdService service.

Error - 10/2/2011 11:06:36 PM | Computer Name = neil-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/2/2011 11:13:45 PM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =


< End of report >

#5 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts

Posted 04 October 2011 - 06:41 AM

OTL logfile created on: 10/4/2011 7:27:06 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\neil\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 62.30% Memory free
7.60 Gb Paging File | 6.06 Gb Available in Paging File | 79.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS

Computer Name: NEIL-PC | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 07:26:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\neil\Downloads\OTL.exe
PRC - [2011/09/07 22:23:00 | 000,652,248 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
PRC - [2011/09/07 22:22:56 | 001,099,736 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
PRC - [2011/09/07 22:21:50 | 000,539,648 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\neil\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/03 12:47:13 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/04/25 08:20:26 | 000,669,040 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/04/16 09:06:46 | 003,817,080 | ---- | M] (Eye-Fi, Inc.) -- C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
PRC - [2011/02/18 16:39:54 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2009/03/05 20:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 19:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/03/07 21:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [1999/12/13 13:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/23 16:55:38 | 000,250,368 | ---- | M] () -- C:\ProgramData\OrbNetworks\Orbjets\downloaded\com.orbnetworks.orb.orbjets.pandorarpc\PandoraRpc.dll
MOD - [2011/09/21 12:03:49 | 000,199,680 | ---- | M] () -- C:\ProgramData\OrbNetworks\Orbjets\downloaded\com.orbnetworks.orb.orbjets.sirius\Sirius.dll
MOD - [2011/09/07 22:23:00 | 000,652,248 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
MOD - [2011/09/07 22:22:52 | 002,569,728 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtCore4.dll
MOD - [2011/09/07 22:22:52 | 000,306,688 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qtiff4.dll
MOD - [2011/09/07 22:22:52 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qmng4.dll
MOD - [2011/09/07 22:22:52 | 000,206,336 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qjpeg4.dll
MOD - [2011/09/07 22:22:52 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qico4.dll
MOD - [2011/09/07 22:22:52 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\imageformats\qgif4.dll
MOD - [2011/09/07 22:22:50 | 009,078,784 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtGui4.dll
MOD - [2011/09/07 22:22:48 | 001,090,048 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtNetwork4.dll
MOD - [2011/09/07 22:22:34 | 003,342,336 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtXmlPatterns4.dll
MOD - [2011/09/07 22:22:34 | 000,382,976 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\QtXml4.dll
MOD - [2011/09/07 22:22:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\libexpat.dll
MOD - [2011/09/07 22:22:30 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\libupnp.dll
MOD - [2011/09/07 22:22:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\boost_filesystem-vc90-mt-1_35.dll
MOD - [2011/09/07 22:22:30 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\zlib1.dll
MOD - [2011/09/07 22:22:30 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\boost_system-vc90-mt-1_35.dll
MOD - [2011/09/07 22:22:28 | 000,478,208 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\sqlite3.dll
MOD - [2011/09/07 22:22:16 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\PuckInterface.dll
MOD - [2011/09/07 22:22:12 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orbjets\com.orbnetworks.orb.orbjets.netflix\Netflix.dll
MOD - [2011/09/07 22:22:12 | 000,175,104 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orbjets\com.orbnetworks.orb.orbjets.internetradios\InternetRadios.dll
MOD - [2011/09/07 22:22:10 | 000,377,856 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\usGrabber\TVGrabber.dll
MOD - [2011/09/07 22:22:10 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\lua51.dll
MOD - [2011/09/07 22:22:10 | 000,113,152 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\lua51-lanes.dll
MOD - [2011/09/07 22:22:00 | 000,203,264 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbStats.dll
MOD - [2011/09/07 22:21:58 | 000,561,664 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbPVR.dll
MOD - [2011/09/07 22:21:58 | 000,269,824 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbRTSPServer.dll
MOD - [2011/09/07 22:21:58 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbRemoteLogger.dll
MOD - [2011/09/07 22:21:56 | 000,459,264 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\taglib.dll
MOD - [2011/09/07 22:21:54 | 001,867,776 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbMedia.dll
MOD - [2011/09/07 22:21:54 | 000,476,160 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbImageProcessing.dll
MOD - [2011/09/07 22:21:50 | 000,864,256 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbDMS.dll
MOD - [2011/09/07 22:21:50 | 000,735,232 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbAPI.dll
MOD - [2011/09/07 22:21:48 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\CabClient.dll
MOD - [2011/09/07 22:21:48 | 000,265,728 | ---- | M] () -- C:\Program Files (x86)\Orb Networks\Orb\bin\CabDirectory.dll
MOD - [2011/04/16 08:54:52 | 000,209,408 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
MOD - [2011/04/16 08:53:28 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
MOD - [2011/03/21 17:30:06 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/17 17:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/17 17:16:34 | 000,324,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/03/07 21:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2006/10/19 13:27:06 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/24 21:16:58 | 000,072,192 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/06/24 19:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 14:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/03 12:47:13 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/04/25 08:20:26 | 000,669,040 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 19:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [1999/12/13 13:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/25 07:59:18 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/19 14:29:36 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/14 06:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/31 13:09:30 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 08:42:58 | 007,821,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 8D 78 1F 07 B8 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 54 25 A4 0E 15 1F DE 43 8F D7 49 8E D2 C5 A5 C2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-9d8ee47fdc21422e\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\neil\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\neil\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\neil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/01 05:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 21:57:56 | 000,000,000 | ---D | M]

[2011/01/19 14:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neil\AppData\Roaming\Mozilla\Extensions
[2011/09/25 08:48:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions
[2011/09/24 12:05:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee}
[2011/09/07 16:54:19 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2011/09/22 16:44:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668}
[2011/09/23 20:25:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352}
[2011/09/21 06:51:03 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5}
[2011/01/21 09:04:25 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/09/22 21:06:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d}
[2011/10/03 19:45:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472}
[2011/05/05 18:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/26 18:53:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/10/01 05:56:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/11/09 17:10:22 | 000,079,440 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2007/11/09 17:10:24 | 000,075,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2007/11/09 17:10:50 | 000,034,384 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\logging.dll
[2011/06/21 09:14:19 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2011/01/26 18:53:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/11/09 17:11:08 | 000,333,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2007/11/09 17:11:38 | 000,030,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/05/05 19:06:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/01/20 09:42:22 | 000,002,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\neil\AppData\Local\Google\Chrome\Application\15.0.874.58\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\neil\AppData\Local\Google\Chrome\Application\15.0.874.58\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\neil\AppData\Local\Google\Chrome\Application\15.0.874.58\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files (x86)\Roblox\Versions\version-20c577f966e441d9\\NPRobloxProxy.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\neil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\

O1 HOSTS File: ([2011/09/14 22:04:26 | 000,000,909 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [Eye-Fi] C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe (Eye-Fi, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\neil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://rwa.webex.com/client/T26L10NSP49EP30/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BF5874-5776-4FDD-AAEA-C54EDB71E252}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6d980bc7-33a9-4048-95f3-ca52f91e8268}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/29 14:51:31 | 000,000,000 | ---D | C] -- C:\Users\neil\Desktop\gmer
[2011/09/28 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KalemSoft Media Streamer
[2011/09/28 21:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KalemSoft
[2011/09/22 20:59:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/09/21 14:37:06 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/21 14:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/18 22:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/18 22:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/18 22:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\OrbNetworks
[2011/09/18 22:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orb Networks
[2011/09/18 22:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orb Networks
[2011/09/18 20:53:32 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Jason Robitaille
[2011/09/18 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/09/18 20:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2011/09/17 08:35:33 | 000,000,000 | ---D | C] -- C:\Users\neil\Calibre Library
[2011/09/17 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\calibre
[2011/09/17 08:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2011/09/17 08:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011/09/15 17:11:41 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\LEGO Software
[2011/09/15 17:05:25 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\Chromium
[2011/09/15 17:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Software
[2011/09/15 17:05:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LEGO Software
[2011/09/15 17:03:36 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2011/09/15 05:24:06 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/09/08 17:57:30 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[3 C:\Users\neil\Desktop\*.tmp files -> C:\Users\neil\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/04 07:31:19 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 07:31:19 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/04 07:26:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-166646584-2440772593-2375907263-1000UA.job
[2011/10/04 07:24:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/04 07:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 07:23:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/03 22:47:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/03 20:04:20 | 000,729,969 | ---- | M] () -- C:\Users\neil\Desktop\NakbaNonsense.pdf
[2011/10/02 20:26:41 | 000,002,354 | ---- | M] () -- C:\Users\neil\Desktop\Google Chrome.lnk
[2011/10/01 06:26:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-166646584-2440772593-2375907263-1000Core.job
[2011/10/01 05:57:04 | 000,002,052 | ---- | M] () -- C:\Users\neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/29 19:51:48 | 001,001,665 | ---- | M] () -- C:\Users\neil\Desktop\Reg and Ins.jpg
[2011/09/29 14:48:01 | 000,294,216 | ---- | M] () -- C:\Users\neil\Desktop\gmer.zip
[2011/09/29 14:45:02 | 000,000,000 | ---- | M] () -- C:\Users\neil\defogger_reenable
[2011/09/28 21:34:09 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\KSMediaStreamer.exe.lnk
[2011/09/28 18:50:04 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/28 18:50:04 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/28 18:50:04 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/24 14:37:26 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/24 14:37:26 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/22 22:09:25 | 000,001,282 | ---- | M] () -- C:\Users\neil\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/22 22:09:25 | 000,001,258 | ---- | M] () -- C:\Users\neil\Desktop\Spybot - Search & Destroy.lnk
[2011/09/21 14:37:06 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/09/21 12:50:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/20 14:54:41 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/09/18 22:02:45 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Orb Caster.lnk
[2011/09/18 22:02:01 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Orb Mini Controller.lnk
[2011/09/18 20:53:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2011/09/17 08:35:24 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/09/15 17:05:14 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Universe.lnk
[2011/09/15 17:03:36 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2011/09/15 05:24:06 | 000,001,019 | ---- | M] () -- C:\Users\neil\Desktop\Handbrake.lnk
[2011/09/14 17:16:54 | 000,002,004 | -H-- | M] () -- C:\Users\neil\Documents\Default.rdp
[2011/09/11 09:09:10 | 000,002,170 | ---- | M] () -- C:\Users\neil\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/09/11 09:09:10 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Digital Designer.lnk
[3 C:\Users\neil\Desktop\*.tmp files -> C:\Users\neil\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/03 20:04:20 | 000,729,969 | ---- | C] () -- C:\Users\neil\Desktop\NakbaNonsense.pdf
[2011/09/29 19:51:48 | 001,001,665 | ---- | C] () -- C:\Users\neil\Desktop\Reg and Ins.jpg
[2011/09/29 14:51:15 | 000,294,216 | ---- | C] () -- C:\Users\neil\Desktop\gmer.zip
[2011/09/29 14:45:02 | 000,000,000 | ---- | C] () -- C:\Users\neil\defogger_reenable
[2011/09/28 21:34:09 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\KSMediaStreamer.exe.lnk
[2011/09/24 13:07:01 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/24 13:07:01 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/18 22:02:45 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Orb Caster.lnk
[2011/09/18 22:02:01 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Orb Mini Controller.lnk
[2011/09/18 20:53:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2011/09/17 08:35:24 | 000,000,960 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011/09/15 17:05:14 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\LEGO Universe.lnk
[2011/09/15 05:24:06 | 000,001,019 | ---- | C] () -- C:\Users\neil\Desktop\Handbrake.lnk
[2011/08/27 19:59:40 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/08/14 11:21:22 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/08/07 20:00:08 | 000,003,149 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/06/18 12:29:47 | 000,000,026 | ---- | C] () -- C:\Windows\MINIvue.INI
[2011/06/11 16:10:48 | 000,186,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/02 07:25:53 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/30 20:54:10 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2011/02/15 07:00:43 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/02/15 07:00:43 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/02/15 07:00:19 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/15 07:00:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/02/15 06:59:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/02/15 06:59:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/02/15 06:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/01/23 11:16:11 | 000,007,630 | ---- | C] () -- C:\Users\neil\AppData\Local\Resmon.ResmonCfg
[2011/01/21 09:44:33 | 000,018,432 | ---- | C] () -- C:\Users\neil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/20 09:54:02 | 000,003,417 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Shorten Codec.dat
[2011/01/20 09:53:41 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/01/20 09:52:35 | 000,010,105 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/01/20 09:52:34 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/01/20 09:52:34 | 000,014,057 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/19 14:33:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/31 13:09:24 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/31 13:09:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/31 13:09:24 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/31 13:09:20 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/31 13:09:18 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/25 09:01:55 | 000,001,567 | ---- | M] () -- C:\aaw7boot.log
[2011/10/04 07:23:42 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 13:04:22 | 000,001,073 | ---- | M] () -- C:\mbam-log-2011-09-24 (13-03-30).txt
[2011/10/04 07:23:46 | 4083,007,488 | -HS- | M] () -- C:\pagefile.sys
[2011/09/24 12:55:00 | 000,076,994 | ---- | M] () -- C:\TDSSKiller.2.6.0.0_24.09.2011_12.53.20_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

---------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 10/4/2011 7:27:06 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\neil\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 62.30% Memory free
7.60 Gb Paging File | 6.06 Gb Available in Paging File | 79.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 198.62 Gb Free Space | 42.65% Space Free | Partition Type: NTFS

Computer Name: NEIL-PC | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09F32959-18D6-48AD-9A71-177016CD34CF}" = Eye-Fi Helper 3.3
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3D0ED490-BFAB-46F8-9AFB-0DAE0C90AC9E}" = calibre
"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAF36706-E01C-40A7-9F78-7264B0C74916}" = KalemSoft Media Streamer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D9D2AD-8CDC-C248-3AA5-5DCCFE4AAB8C}" = Eye-Fi Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DVDFab 8_is1" = DVDFab 8.0.7.2 (26/01/2011)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"fi.eye.center.E430518E652B889A80EC0E8A6E532C09FF36DF62.1" = Eye-Fi Center
"HandBrake" = HandBrake 0.9.5
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"New LEGO Digital Designer" = LEGO Digital Designer
"Orb" = Orb
"Orb Mini Controller" = Orb Mini Controller
"Picasa 3" = Picasa 3
"Spotify" = Spotify
"ZEN Vision:M Series Media Explorer" = ZEN Vision:M Series Media Explorer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2011 7:43:40 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x117c Faulting application start time: 0x01cc7e385591735a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: b0c366db-ea2b-11e0-82cd-68b599632355

Error - 9/29/2011 7:49:28 AM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 9/29/2011 12:57:06 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x1410 Faulting application start time: 0x01cc7ec81df33bd4 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: 0f31dfb9-eabc-11e0-828f-68b599632355

Error - 9/29/2011 12:57:31 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0xee8 Faulting application start time: 0x01cc7ec8d6461361 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: 1e9b426e-eabc-11e0-828f-68b599632355

Error - 9/29/2011 1:00:37 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x1450 Faulting application start time: 0x01cc7ebb289af72b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: 8d2f754e-eabc-11e0-828f-68b599632355

Error - 9/30/2011 7:45:35 AM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/1/2011 7:34:47 AM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WizardGraphicalClient.exe, version: 0.0.0.0,
time stamp: 0x4e617a06 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7ab86 Exception code: 0xc0000005 Fault offset: 0x0002df00 Faulting
process id: 0x1ab0 Faulting application start time: 0x01cc802d5dd347e7 Faulting application
path: C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 5d377f24-ec21-11e0-9ee3-68b599632355

Error - 10/2/2011 9:48:19 PM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/3/2011 8:16:55 AM | Computer Name = neil-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/3/2011 5:37:27 PM | Computer Name = neil-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16839,
time stamp: 0x4e0015ef Faulting module name: SecuritySys32.dll, version: 6.1.7600.16385,
time stamp: 0x4e725057 Exception code: 0xc00000fd Fault offset: 0x00036827 Faulting
process id: 0x608 Faulting application start time: 0x01cc81c8eb706790 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\neil\AppData\Local\SecuritySys32.dll Report Id: e34a3468-ee07-11e0-973e-68b599632355

[ System Events ]
Error - 9/5/2011 3:09:30 AM | Computer Name = neil-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 9/8/2011 8:06:02 PM | Computer Name = neil-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/8/2011 8:06:33 PM | Computer Name = neil-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 9/11/2011 8:25:30 AM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/11/2011 9:50:42 PM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/14/2011 8:37:10 PM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/22/2011 12:00:41 AM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =

Error - 9/22/2011 4:43:35 PM | Computer Name = neil-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RtVOsdService service.

Error - 10/2/2011 11:06:36 PM | Computer Name = neil-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 10/2/2011 11:13:45 PM | Computer Name = neil-PC | Source = DCOM | ID = 10010
Description =


< End of report >

#6 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 04 October 2011 - 06:48 AM

Still getting the redirect. Doesn't seem with as much frequency, but it's still there.

Edited by Treefarn, 04 October 2011 - 06:50 AM.


#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:06:03 AM

Posted 04 October 2011 - 07:42 AM

Hi again Treefarn!!.. :)

Not sure if it's related, but the error is "There was a problem starting C:\ProgramData\WindowsTrayVerifier.dll. The specified module could not be found." When I ran the MBAM below and restarted the computer, it did NOT occur.

The file was not present, while the entry in the Registry still existed, hence the error was appearing... MBAM removed the orphaned entry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsTrayVerifier (Trojan.SHarpro.PGen) -> Value: WindowsTrayVerifier -> Quarantined and deleted successfully.

Still getting the redirect. Doesn't seem with as much frequency, but it's still there.

Yep, MBAM removed one infection, but there are still malicious Add-ons for Firefox visible in the logs... They should be removed with the script below...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
    [2011/09/24 12:05:09 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee}
    [2011/09/07 16:54:19 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
    [2011/09/22 16:44:52 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668}
    [2011/09/23 20:25:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352}
    [2011/09/21 06:51:03 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5}
    [2011/01/21 09:04:25 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2011/09/22 21:06:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d}
    [2011/10/03 19:45:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472}
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
    [2011/09/22 20:59:24 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
I do not see an antivirus program running on your computer... Without an AV, you have no protection and risk being quickly re-infected... Please install an antivirus program of your choice, run a full system scan with it, and post a log (if possible)... You may want to install one of the antivirus applications I recommend on my site: link

Please note that most antivirus programs provide anti-spyware protection as well, so I suggest you disable Spybot's TeaTimer once you install an antivirus... Instructions on disabling Spybot's TeaTimer can be found here: How to disable your security applications

Thirdly,
Please remove any old versions of Kaspersky's TDSSKiller from your computer and then download the newest version:
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start scan

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
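As an added example (not code from this thread, OTL or MBAM), the PowerShell below performs two of the checks snemelk reads out of the OTL log by hand: it lists Run-key autoruns whose target file no longer exists (the orphaned WindowsTrayVerifier case that produced the "specified module could not be found" error) and lists Firefox extension folders newest-first, so recently dropped GUID-named add-ons stand out. Standard Windows 7 registry and profile paths are assumed.

```powershell
# Added example: find autorun entries whose target is missing, and list
# Firefox extensions by age. Paths are the standard Win7 defaults (assumed).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-TargetPath {
    param([string]$Command)
    # Reduce a Run value to the file it actually loads.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # rundll32 wrapper: '...rundll32.exe "C:\x\y.dll",Entry' -> C:\x\y.dll
    if ($cmd -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    # Quoted executable followed by arguments
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: stop at the first executable-like extension
    if ($cmd -match '^(.+?\.(?:exe|dll|scr|bat|cmd|vbs))') { return $Matches[1] }
    return $cmd.Split(' ')[0]
}

function Test-TargetExists {
    param([string]$Target)
    # Bare names (no directory) are resolved through PATH like the loader does.
    if ($Target -notmatch '[\\/]') {
        return [bool](Get-Command $Target -ErrorAction SilentlyContinue)
    }
    return Test-Path -LiteralPath $Target
}

function Get-Autoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($value)) { continue }
            $target = Get-TargetPath $value
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $value
                Target  = $target
                Exists  = Test-TargetExists $target
            }
        }
    }
}

function Get-FirefoxExtensions {
    # Each profile's extensions folder holds one directory or .xpi per add-on;
    # the OTL log above shows these as {GUID}-named folders.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path $profiles -Directory | ForEach-Object {
        $ext = Join-Path $_.FullName 'extensions'
        if (Test-Path $ext) {
            Get-ChildItem -Path $ext | Select-Object LastWriteTime, Name, FullName
        }
    } | Sort-Object LastWriteTime -Descending
}

Write-Host '== Run-key entries whose target file is missing (orphaned) =='
Get-Autoruns | Where-Object { -not $_.Exists } | Format-Table Key, Name, Command -AutoSize

Write-Host '== Firefox extensions, newest first =='
Get-FirefoxExtensions | Format-Table -AutoSize
```

An orphaned entry is a clue, not a verdict: compare the extension GUIDs and timestamps against the date the redirects started before removing anything.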


#8 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 04 October 2011 - 09:30 PM

I ran OTL and there was a log created. But TDSS ended up requiring a reboot, and I don't know the name of the file created by OTL or where it is. If you can point me to it, I will run it.

Here is the log from TDSS:

22:19:19.0081 3812 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
22:19:19.0333 3812 ============================================================
22:19:19.0333 3812 Current date / time: 2011/10/04 22:19:19.0333
22:19:19.0333 3812 SystemInfo:
22:19:19.0333 3812
22:19:19.0334 3812 OS Version: 6.1.7600 ServicePack: 0.0
22:19:19.0334 3812 Product type: Workstation
22:19:19.0334 3812 ComputerName: NEIL-PC
22:19:19.0334 3812 UserName: neil
22:19:19.0334 3812 Windows directory: C:\Windows
22:19:19.0334 3812 System windows directory: C:\Windows
22:19:19.0334 3812 Running under WOW64
22:19:19.0334 3812 Processor architecture: Intel x64
22:19:19.0334 3812 Number of processors: 4
22:19:19.0334 3812 Page size: 0x1000
22:19:19.0334 3812 Boot type: Normal boot
22:19:19.0334 3812 ============================================================
22:19:20.0571 3812 Initialize success
22:19:23.0318 4820 ============================================================
22:19:23.0319 4820 Scan started
22:19:23.0319 4820 Mode: Manual;
22:19:23.0319 4820 ============================================================
22:19:24.0751 4820 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:19:24.0756 4820 1394ohci - ok
22:19:24.0949 4820 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:19:24.0954 4820 ACPI - ok
22:19:25.0215 4820 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:19:25.0216 4820 AcpiPmi - ok
22:19:25.0392 4820 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:19:25.0398 4820 adp94xx - ok
22:19:25.0813 4820 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:19:25.0820 4820 adpahci - ok
22:19:26.0147 4820 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:19:26.0150 4820 adpu320 - ok
22:19:26.0317 4820 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
22:19:26.0323 4820 AFD - ok
22:19:26.0512 4820 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:19:26.0513 4820 agp440 - ok
22:19:26.0735 4820 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:19:26.0735 4820 aliide - ok
22:19:26.0816 4820 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:19:26.0817 4820 amdide - ok
22:19:26.0925 4820 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:19:26.0926 4820 AmdK8 - ok
22:19:27.0605 4820 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:19:27.0606 4820 AmdPPM - ok
22:19:29.0148 4820 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:19:29.0150 4820 amdsata - ok
22:19:29.0561 4820 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:19:29.0567 4820 amdsbs - ok
22:19:29.0693 4820 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:19:29.0694 4820 amdxata - ok
22:19:29.0828 4820 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:19:29.0829 4820 AppID - ok
22:19:30.0005 4820 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:19:30.0006 4820 arc - ok
22:19:30.0118 4820 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:19:30.0141 4820 arcsas - ok
22:19:30.0468 4820 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:19:30.0469 4820 AsyncMac - ok
22:19:30.0588 4820 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:19:30.0589 4820 atapi - ok
22:19:30.0721 4820 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:19:30.0726 4820 b06bdrv - ok
22:19:30.0828 4820 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:19:30.0832 4820 b57nd60a - ok
22:19:31.0020 4820 BCM43XX (810be94a9e42309b3f74217ac28bc6ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:19:31.0041 4820 BCM43XX - ok
22:19:31.0140 4820 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:19:31.0141 4820 Beep - ok
22:19:31.0249 4820 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:19:31.0250 4820 blbdrive - ok
22:19:31.0348 4820 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:19:31.0350 4820 bowser - ok
22:19:31.0486 4820 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:19:31.0487 4820 BrFiltLo - ok
22:19:31.0505 4820 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:19:31.0505 4820 BrFiltUp - ok
22:19:31.0544 4820 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:19:31.0547 4820 Brserid - ok
22:19:31.0679 4820 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:19:31.0680 4820 BrSerWdm - ok
22:19:31.0791 4820 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:19:31.0792 4820 BrUsbMdm - ok
22:19:31.0869 4820 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:19:31.0870 4820 BrUsbSer - ok
22:19:31.0949 4820 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:19:31.0950 4820 BTHMODEM - ok
22:19:32.0042 4820 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:19:32.0043 4820 cdfs - ok
22:19:32.0171 4820 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:19:32.0174 4820 cdrom - ok
22:19:32.0306 4820 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:19:32.0308 4820 circlass - ok
22:19:32.0412 4820 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:19:32.0422 4820 CLFS - ok
22:19:33.0572 4820 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:19:33.0573 4820 CmBatt - ok
22:19:33.0675 4820 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:19:33.0676 4820 cmdide - ok
22:19:33.0794 4820 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
22:19:33.0801 4820 CNG - ok
22:19:33.0907 4820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:19:33.0908 4820 Compbatt - ok
22:19:34.0012 4820 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:19:34.0014 4820 CompositeBus - ok
22:19:34.0126 4820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:19:34.0127 4820 crcdisk - ok
22:19:34.0251 4820 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
22:19:34.0261 4820 CSC - ok
22:19:34.0399 4820 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:19:34.0401 4820 DfsC - ok
22:19:35.0138 4820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:19:35.0139 4820 discache - ok
22:19:35.0837 4820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:19:35.0838 4820 Disk - ok
22:19:35.0958 4820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:19:35.0959 4820 drmkaud - ok
22:19:36.0097 4820 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
22:19:36.0098 4820 dsNcAdpt - ok
22:19:36.0245 4820 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:19:36.0251 4820 DXGKrnl - ok
22:19:37.0138 4820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:19:37.0246 4820 ebdrv - ok
22:19:37.0374 4820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:19:37.0384 4820 elxstor - ok
22:19:37.0469 4820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:19:37.0470 4820 ErrDev - ok
22:19:37.0612 4820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:19:37.0617 4820 exfat - ok
22:19:37.0712 4820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:19:37.0717 4820 fastfat - ok
22:19:37.0806 4820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:19:37.0808 4820 fdc - ok
22:19:37.0926 4820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:19:37.0927 4820 FileInfo - ok
22:19:37.0959 4820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:19:37.0960 4820 Filetrace - ok
22:19:38.0054 4820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:19:38.0055 4820 flpydisk - ok
22:19:38.0163 4820 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:19:38.0169 4820 FltMgr - ok
22:19:38.0285 4820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:19:38.0287 4820 FsDepends - ok
22:19:38.0394 4820 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:19:38.0395 4820 Fs_Rec - ok
22:19:40.0676 4820 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:19:40.0681 4820 fvevol - ok
22:19:42.0914 4820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:19:42.0916 4820 gagp30kx - ok
22:19:44.0702 4820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:19:44.0703 4820 GEARAspiWDM - ok
22:19:47.0544 4820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:19:47.0545 4820 hcw85cir - ok
22:19:47.0830 4820 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:19:47.0838 4820 HdAudAddService - ok
22:19:48.0002 4820 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:19:48.0003 4820 HDAudBus - ok
22:19:48.0292 4820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:19:48.0293 4820 HidBatt - ok
22:19:48.0384 4820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:19:48.0386 4820 HidBth - ok
22:19:48.0844 4820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:19:48.0845 4820 HidIr - ok
22:19:49.0645 4820 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:19:49.0646 4820 HidUsb - ok
22:19:50.0988 4820 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:19:51.0080 4820 HpSAMD - ok
22:19:51.0938 4820 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:19:51.0946 4820 HTTP - ok
22:19:52.0041 4820 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:19:52.0041 4820 hwpolicy - ok
22:19:52.0646 4820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:19:52.0785 4820 i8042prt - ok
22:19:54.0274 4820 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:19:54.0283 4820 iaStorV - ok
22:19:58.0069 4820 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:19:58.0450 4820 igfx - ok
22:19:59.0502 4820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:19:59.0504 4820 iirsp - ok
22:20:00.0207 4820 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
22:20:00.0221 4820 IntcAzAudAddService - ok
22:20:00.0464 4820 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:20:00.0467 4820 IntcDAud - ok
22:20:01.0830 4820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:20:01.0831 4820 intelide - ok
22:20:01.0935 4820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:20:01.0936 4820 intelppm - ok
22:20:02.0050 4820 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:20:02.0051 4820 IpFilterDriver - ok
22:20:02.0141 4820 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:20:02.0142 4820 IPMIDRV - ok
22:20:02.0231 4820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:20:02.0233 4820 IPNAT - ok
22:20:02.0346 4820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:20:02.0347 4820 IRENUM - ok
22:20:03.0260 4820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:20:03.0261 4820 isapnp - ok
22:20:03.0536 4820 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:20:03.0539 4820 iScsiPrt - ok
22:20:03.0665 4820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:20:03.0665 4820 kbdclass - ok
22:20:04.0016 4820 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:20:04.0017 4820 kbdhid - ok
22:20:04.0118 4820 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
22:20:04.0121 4820 KSecDD - ok
22:20:04.0164 4820 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
22:20:04.0167 4820 KSecPkg - ok
22:20:04.0279 4820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:20:04.0280 4820 ksthunk - ok
22:20:04.0514 4820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:20:04.0515 4820 lltdio - ok
22:20:04.0701 4820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:20:04.0704 4820 LSI_FC - ok
22:20:04.0829 4820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:20:04.0832 4820 LSI_SAS - ok
22:20:04.0945 4820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:20:04.0948 4820 LSI_SAS2 - ok
22:20:05.0075 4820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:20:05.0078 4820 LSI_SCSI - ok
22:20:05.0175 4820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:20:05.0178 4820 luafv - ok
22:20:05.0281 4820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:20:05.0282 4820 megasas - ok
22:20:05.0421 4820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:20:05.0424 4820 MegaSR - ok
22:20:05.0549 4820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:20:05.0550 4820 Modem - ok
22:20:05.0694 4820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:20:05.0695 4820 monitor - ok
22:20:05.0796 4820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:20:05.0797 4820 mouclass - ok
22:20:05.0914 4820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:20:05.0915 4820 mouhid - ok
22:20:06.0022 4820 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:20:06.0024 4820 mountmgr - ok
22:20:06.0586 4820 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:20:06.0708 4820 mpio - ok
22:20:07.0321 4820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:20:07.0323 4820 mpsdrv - ok
22:20:07.0668 4820 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:20:07.0672 4820 MRxDAV - ok
22:20:07.0758 4820 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:20:07.0761 4820 mrxsmb - ok
22:20:07.0862 4820 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:20:07.0868 4820 mrxsmb10 - ok
22:20:07.0963 4820 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:20:07.0966 4820 mrxsmb20 - ok
22:20:08.0055 4820 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:20:08.0055 4820 msahci - ok
22:20:08.0148 4820 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:20:08.0151 4820 msdsm - ok
22:20:08.0281 4820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:20:08.0282 4820 Msfs - ok
22:20:08.0381 4820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:20:08.0382 4820 mshidkmdf - ok
22:20:08.0782 4820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:20:08.0782 4820 msisadrv - ok
22:20:08.0901 4820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:20:08.0902 4820 MSKSSRV - ok
22:20:08.0995 4820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:20:08.0996 4820 MSPCLOCK - ok
22:20:09.0092 4820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:20:09.0093 4820 MSPQM - ok
22:20:09.0185 4820 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:20:09.0191 4820 MsRPC - ok
22:20:09.0321 4820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:20:09.0322 4820 mssmbios - ok
22:20:09.0447 4820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:20:09.0448 4820 MSTEE - ok
22:20:09.0459 4820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:20:09.0460 4820 MTConfig - ok
22:20:09.0583 4820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:20:09.0584 4820 Mup - ok
22:20:09.0746 4820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:20:09.0752 4820 NativeWifiP - ok
22:20:09.0869 4820 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:20:09.0883 4820 NDIS - ok
22:20:10.0169 4820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:20:10.0214 4820 NdisCap - ok
22:20:10.0381 4820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:20:10.0426 4820 NdisTapi - ok
22:20:11.0379 4820 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:20:11.0381 4820 Ndisuio - ok
22:20:11.0473 4820 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:11.0476 4820 NdisWan - ok
22:20:11.0575 4820 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:20:11.0576 4820 NDProxy - ok
22:20:11.0681 4820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:20:11.0682 4820 NetBIOS - ok
22:20:11.0776 4820 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:20:11.0781 4820 NetBT - ok
22:20:12.0052 4820 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
22:20:12.0117 4820 Suspicious file (Forged): C:\Windows\system32\DRIVERS\NETwNs64.sys. Real md5: eb43840babf5589e33186d094de7381d, Fake md5: d4105e6717e1e6208dead902b614f379
22:20:12.0149 4820 NETwNs64 ( ForgedFile.Multi.Generic ) - warning
22:20:12.0149 4820 NETwNs64 - detected ForgedFile.Multi.Generic (1)
22:20:12.0247 4820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:20:12.0249 4820 nfrd960 - ok
22:20:12.0357 4820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:20:12.0358 4820 Npfs - ok
22:20:12.0584 4820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:20:12.0585 4820 nsiproxy - ok
22:20:13.0105 4820 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:20:13.0136 4820 Ntfs - ok
22:20:13.0221 4820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:20:13.0221 4820 Null - ok
22:20:13.0330 4820 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:20:13.0333 4820 nvraid - ok
22:20:13.0432 4820 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:20:13.0436 4820 nvstor - ok
22:20:13.0535 4820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:20:13.0538 4820 nv_agp - ok
22:20:13.0619 4820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:20:13.0621 4820 ohci1394 - ok
22:20:13.0760 4820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:20:13.0763 4820 Parport - ok
22:20:13.0839 4820 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:20:13.0841 4820 partmgr - ok
22:20:13.0868 4820 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:20:13.0871 4820 pci - ok
22:20:13.0954 4820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:20:13.0955 4820 pciide - ok
22:20:14.0044 4820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:20:14.0048 4820 pcmcia - ok
22:20:14.0093 4820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:20:14.0094 4820 pcw - ok
22:20:14.0217 4820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:20:14.0230 4820 PEAUTH - ok
22:20:14.0397 4820 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:20:14.0400 4820 PptpMiniport - ok
22:20:14.0678 4820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:20:14.0681 4820 Processor - ok
22:20:14.0799 4820 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:20:14.0802 4820 Psched - ok
22:20:14.0879 4820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:20:14.0905 4820 ql2300 - ok
22:20:15.0016 4820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:20:15.0050 4820 ql40xx - ok
22:20:15.0159 4820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:20:15.0161 4820 QWAVEdrv - ok
22:20:15.0275 4820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:20:15.0276 4820 RasAcd - ok
22:20:15.0393 4820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:20:15.0394 4820 RasAgileVpn - ok
22:20:15.0524 4820 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:20:15.0527 4820 Rasl2tp - ok
22:20:15.0640 4820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:20:15.0642 4820 RasPppoe - ok
22:20:15.0732 4820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:20:15.0734 4820 RasSstp - ok
22:20:15.0833 4820 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:20:15.0839 4820 rdbss - ok
22:20:15.0927 4820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:20:15.0928 4820 rdpbus - ok
22:20:16.0025 4820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:20:16.0026 4820 RDPCDD - ok
22:20:16.0112 4820 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:20:16.0115 4820 RDPDR - ok
22:20:16.0207 4820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:20:16.0208 4820 RDPENCDD - ok
22:20:16.0301 4820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:20:16.0302 4820 RDPREFMP - ok
22:20:16.0391 4820 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:20:16.0395 4820 RDPWD - ok
22:20:16.0586 4820 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:20:16.0591 4820 rdyboost - ok
22:20:16.0764 4820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:20:16.0766 4820 rspndr - ok
22:20:16.0851 4820 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:20:16.0855 4820 RTL8167 - ok
22:20:16.0940 4820 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:20:16.0941 4820 s3cap - ok
22:20:17.0039 4820 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:20:17.0041 4820 sbp2port - ok
22:20:17.0152 4820 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:20:17.0153 4820 scfilter - ok
22:20:17.0268 4820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:20:17.0269 4820 secdrv - ok
22:20:17.0381 4820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:20:17.0383 4820 Serenum - ok
22:20:17.0482 4820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:20:17.0485 4820 Serial - ok
22:20:17.0562 4820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:20:17.0564 4820 sermouse - ok
22:20:17.0589 4820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:20:17.0590 4820 sffdisk - ok
22:20:17.0613 4820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:20:17.0614 4820 sffp_mmc - ok
22:20:17.0703 4820 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:20:17.0704 4820 sffp_sd - ok
22:20:17.0786 4820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:20:17.0788 4820 sfloppy - ok
22:20:17.0830 4820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:20:17.0832 4820 SiSRaid2 - ok
22:20:17.0879 4820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:20:17.0881 4820 SiSRaid4 - ok
22:20:17.0984 4820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:20:17.0986 4820 Smb - ok
22:20:18.0125 4820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:20:18.0126 4820 spldr - ok
22:20:18.0233 4820 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:20:18.0242 4820 srv - ok
22:20:18.0353 4820 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:20:18.0361 4820 srv2 - ok
22:20:18.0495 4820 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:20:18.0498 4820 srvnet - ok
22:20:18.0617 4820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:20:18.0619 4820 stexstor - ok
22:20:18.0715 4820 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
22:20:18.0715 4820 StillCam - ok
22:20:18.0822 4820 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:20:18.0823 4820 storflt - ok
22:20:18.0918 4820 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:20:18.0919 4820 storvsc - ok
22:20:18.0999 4820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:20:19.0000 4820 swenum - ok
22:20:19.0172 4820 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
22:20:19.0186 4820 SynTP - ok
22:20:19.0364 4820 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
22:20:19.0391 4820 Tcpip - ok
22:20:19.0566 4820 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
22:20:19.0581 4820 TCPIP6 - ok
22:20:19.0678 4820 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:20:19.0679 4820 tcpipreg - ok
22:20:19.0770 4820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:20:19.0771 4820 TDPIPE - ok
22:20:19.0871 4820 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:20:19.0872 4820 TDTCP - ok
22:20:19.0973 4820 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:20:19.0976 4820 tdx - ok
22:20:20.0002 4820 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:20:20.0003 4820 TermDD - ok
22:20:20.0116 4820 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:20:20.0117 4820 tssecsrv - ok
22:20:20.0220 4820 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:20:20.0222 4820 tunnel - ok
22:20:20.0316 4820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:20:20.0317 4820 uagp35 - ok
22:20:20.0414 4820 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:20:20.0418 4820 udfs - ok
22:20:20.0562 4820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:20:20.0564 4820 uliagpkx - ok
22:20:20.0658 4820 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:20:20.0660 4820 umbus - ok
22:20:20.0755 4820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:20:20.0756 4820 UmPass - ok
22:20:20.0851 4820 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
22:20:20.0852 4820 USBAAPL64 - ok
22:20:20.0907 4820 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
22:20:20.0909 4820 usbccgp - ok
22:20:21.0004 4820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:20:21.0006 4820 usbcir - ok
22:20:21.0107 4820 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
22:20:21.0108 4820 usbehci - ok
22:20:21.0257 4820 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:20:21.0264 4820 usbhub - ok
22:20:21.0363 4820 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
22:20:21.0364 4820 usbohci - ok
22:20:21.0416 4820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:20:21.0417 4820 usbprint - ok
22:20:21.0529 4820 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:20:21.0530 4820 USBSTOR - ok
22:20:21.0635 4820 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
22:20:21.0636 4820 usbuhci - ok
22:20:21.0738 4820 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
22:20:21.0742 4820 usbvideo - ok
22:20:21.0860 4820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:20:21.0861 4820 vdrvroot - ok
22:20:21.0891 4820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:20:21.0893 4820 vga - ok
22:20:21.0976 4820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:20:21.0978 4820 VgaSave - ok
22:20:21.0992 4820 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:20:21.0997 4820 vhdmp - ok
22:20:22.0025 4820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:20:22.0027 4820 viaide - ok
22:20:22.0057 4820 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:20:22.0060 4820 vmbus - ok
22:20:22.0147 4820 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:20:22.0148 4820 VMBusHID - ok
22:20:22.0241 4820 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:20:22.0243 4820 volmgr - ok
22:20:22.0289 4820 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:20:22.0295 4820 volmgrx - ok
22:20:22.0388 4820 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:20:22.0392 4820 volsnap - ok
22:20:22.0503 4820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:20:22.0506 4820 vsmraid - ok
22:20:22.0534 4820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:20:22.0535 4820 vwifibus - ok
22:20:22.0623 4820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:20:22.0624 4820 vwififlt - ok
22:20:22.0724 4820 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:20:22.0725 4820 vwifimp - ok
22:20:22.0755 4820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:20:22.0756 4820 WacomPen - ok
22:20:22.0860 4820 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:20:22.0862 4820 WANARP - ok
22:20:22.0876 4820 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:20:22.0877 4820 Wanarpv6 - ok
22:20:22.0980 4820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:20:22.0983 4820 Wd - ok
22:20:23.0082 4820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:20:23.0090 4820 Wdf01000 - ok
22:20:23.0539 4820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:20:23.0540 4820 WfpLwf - ok
22:20:23.0648 4820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:20:23.0649 4820 WIMMount - ok
22:20:23.0793 4820 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:20:23.0794 4820 WinUsb - ok
22:20:23.0903 4820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:20:23.0904 4820 WmiAcpi - ok
22:20:24.0023 4820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:20:24.0024 4820 ws2ifsl - ok
22:20:24.0121 4820 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:20:24.0122 4820 WSDPrintDevice - ok
22:20:24.0233 4820 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:20:24.0235 4820 WudfPf - ok
22:20:24.0348 4820 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:24.0351 4820 WUDFRd - ok
22:20:24.0403 4820 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:20:24.0418 4820 \Device\Harddisk0\DR0 - ok
22:20:24.0422 4820 Boot (0x1200) (f2b55e1afd5a324821bff010572b3a9c) \Device\Harddisk0\DR0\Partition0
22:20:24.0422 4820 \Device\Harddisk0\DR0\Partition0 - ok
22:20:24.0468 4820 Boot (0x1200) (8ab78f72e11346693df1a64d9eb9cb02) \Device\Harddisk0\DR0\Partition1
22:20:24.0470 4820 \Device\Harddisk0\DR0\Partition1 - ok
22:20:24.0471 4820 ============================================================
22:20:24.0471 4820 Scan finished
22:20:24.0471 4820 ============================================================
22:20:24.0495 5708 Detected object count: 1
22:20:24.0495 5708 Actual detected object count: 1
22:21:34.0515 5708 HKLM\SYSTEM\ControlSet001\services\NETwNs64 - will be deleted on reboot
22:21:34.0582 5708 HKLM\SYSTEM\ControlSet002\services\NETwNs64 - will be deleted on reboot
22:21:34.0594 5708 C:\Windows\system32\DRIVERS\NETwNs64.sys - will be deleted on reboot
22:21:34.0594 5708 NETwNs64 ( ForgedFile.Multi.Generic ) - User select action: Delete
22:21:45.0441 4144 Deinitialize success

#9 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts

Posted 04 October 2011 - 09:32 PM

I think I found the OTL log. I clicked on 20 or so google links and they all seemed to go to the right place.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
Prefs.js: "WhiteSmoke Bar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee}\defaults\preferences folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{0171facc-33a5-451a-b932-44d4eca8ebee} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\searchplugin folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\modules folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\META-INF folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668}\defaults\preferences folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{232435d9-91ad-4d82-bdc4-7766cf37a668} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352}\defaults\preferences folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{5bfaac70-54d0-4e87-8d19-23cede356352} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5}\defaults\preferences folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{8650e9e4-c882-4431-8563-7abda00b33c5} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d}\defaults\preferences folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{d0d80fa1-9c73-4a71-a2df-5911bd0d762d} folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472}\defaults\preferences folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472}\defaults folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472}\chrome folder moved successfully.
C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\9ee6711i.default\extensions\{eb64461e-32d4-4304-a299-4d7b313b7472} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{167D9323-F7CC-48F5-948A-6F012831A69F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167D9323-F7CC-48F5-948A-6F012831A69F}\ not found.
C:\Windows\SysWOW64\srrstr.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: neil
->Temp folder emptied: 474946223 bytes
->Temporary Internet Files folder emptied: 83701079 bytes
->Java cache emptied: 17169607 bytes
->FireFox cache emptied: 297475573 bytes
->Google Chrome cache emptied: 223160483 bytes
->Flash cache emptied: 255676 bytes

User: Public

User: WD
->Temp folder emptied: 642110 bytes
->Temporary Internet Files folder emptied: 47934999 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118917934 bytes
->Flash cache emptied: 57397 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42820 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 3200570499 bytes

Total Files Cleaned = 4,258.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: neil
->Flash cache emptied: 0 bytes

User: Public

User: WD
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10042011_215751

Files\Folders moved on Reboot...
C:\Users\neil\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7819095A-B5DC-419B-BB8E-323AA40551F3}.tmp moved successfully.
C:\Users\neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7C6FF6B2-720E-4082-A6B1-0782A6E40122}.tmp moved successfully.
C:\Users\neil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B1685FEF-88DB-4C0C-8C6C-844CE2322F5A}.tmp moved successfully.
File move failed. C:\Windows\temp\WebEx\Log\104\atashost.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#10 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 05 October 2011 - 07:10 AM

Hi again Treefarn!!.. :)

I clicked on 20 or so google links and they all seemed to go to the right place.

:thumbup2:

What antivirus program did you decide to install??.. Did you run a system scan with it??.. If not, I highly recommend you install an antivirus program as soon as possible...

Answer my question and please do the following:

Firstly,
Please run OTL.exe.
  • On the upper bar click the button: None.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    C:\Windows\SysNative\NETwNs64.* /s /md5

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open one Notepad window. OTL.Txt - saved in the same location as OTL. Post the log in this thread.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

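Added example, not part of this thread and not code from OTL or TDSSKiller: the custom scan requested above asks OTL to list every `NETwNs64.*` file under `C:\Windows\SysNative` with its MD5, to confirm that the file TDSSKiller scheduled for deletion on reboot is really gone. The PowerShell below does the same check by hand and adds the two things a practitioner would want alongside it: whether any control set still carries a `services\NETwNs64` key (TDSSKiller only named ControlSet001 and ControlSet002), and whether a driver by that name is still loaded. It assumes an elevated 64-bit PowerShell on the affected machine, the driver name from the TDSSKiller log, and the standard `System32\drivers` and `DriverStore` locations; the `Get-Md5Hex` helper is mine, written against .NET so it also runs on the PowerShell 2.0 that Windows 7 shipped with. TDSSKiller's `ForgedFile` verdict is its name for a legitimate driver whose on-disk copy has been patched, which is why the Authenticode status is printed next to the hash.

```powershell
# Added example, not from the thread. Run in an elevated 64-bit PowerShell on the affected machine.
# Assumed: driver name NETwNs64 (from the TDSSKiller log) and the standard driver locations below.
$name  = 'NETwNs64'
$roots = @("$env:SystemRoot\System32\drivers", "$env:SystemRoot\System32\DriverStore")

# MD5 via .NET so this also works on PowerShell 2.0 (Get-FileHash needs PowerShell 4.0 or later).
function Get-Md5Hex([string]$Path) {
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

# 1. Files: any NETwNs64.* left on disk, with MD5 and Authenticode status.
#    A driver patched in place keeps its vendor name but fails signature validation (e.g. HashMismatch).
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter "$name.*" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        '{0}  md5={1}  signature={2}' -f $_.FullName, (Get-Md5Hex $_.FullName), $sig.Status
    }
}

# 2. Registry: the service key in every control set, not only the two TDSSKiller reported.
Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' } | ForEach-Object {
    $key = "HKLM:\SYSTEM\$($_.PSChildName)\services\$name"
    if (Test-Path $key) {
        $svc = Get-ItemProperty -Path $key
        'STILL PRESENT: {0}  ImagePath={1}  Start={2}' -f $key, $svc.ImagePath, $svc.Start
    } else {
        'absent: {0}' -f $key
    }
}

# 3. Kernel: is a driver by that name still loaded right now?
$loaded = driverquery /v /fo csv | ConvertFrom-Csv | Where-Object { $_.'Module Name' -eq $name }
if ($loaded) { 'LOADED: {0} state={1}' -f $loaded.'Module Name', $loaded.State } else { "$name is not loaded" }
```

If section 1 prints nothing, every control set reports `absent` and the driver is not loaded, the scheduled deletion went through, which is also what an empty OTL custom-scan result means. A remaining copy with a valid signature is most likely a clean DriverStore backup and is the one to keep; a copy whose signature status is not `Valid` should be handed back to the helper with its hash. Note that TDSSKiller removed the driver rather than repairing it, so if the machine actually has an Intel wireless adapter its driver must be reinstalled from Intel afterwards; the avast service list later in this thread shows a Broadcom wireless driver (BCM43XX), so check which adapter is fitted before doing so.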

#11 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts

Posted 06 October 2011 - 05:31 AM

Avast found some malware and restarted to delete it. I believe I have attached the correct log (if not, let me know what it's called).

The OTL ran for about 3 seconds. Here is the very short log. The ESET scan is running now; I will post it shortly.

OTL logfile created on: 10/6/2011 6:18:18 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\neil\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 51.06% Memory free
7.60 Gb Paging File | 5.67 Gb Available in Paging File | 74.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 198.25 Gb Free Space | 42.57% Space Free | Partition Type: NTFS
Drive Z: | 465.66 Gb Total Space | 198.25 Gb Free Space | 42.57% Space Free | Partition Type: NTFS

Computer Name: NEIL-PC | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\Windows\SysNative\NETwNs64.* /s /md5 >

< End of report >

#12 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts

Posted 06 October 2011 - 05:37 AM

I think the avast file is too large to attach. It is 32510kb. It won't attach.

#13 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts

Posted 06 October 2011 - 05:38 AM

After the computer rebooted after running Avast, it ran avast a 2nd time. Here is the log of that.

avast! Antirootkit, version 1.0
Scan started: Wednesday, October 05, 2011 10:52:45 PM

Process [0]
Process [4]
Process C:\Windows\System32\smss.exe [324]
Process C:\Windows\System32\csrss.exe [488]
Process C:\Windows\System32\wininit.exe [596]
Process C:\Windows\System32\csrss.exe [604]
Process C:\Windows\System32\winlogon.exe [652]
Process C:\Windows\System32\services.exe [704]
Process C:\Windows\System32\lsass.exe [712]
Process C:\Windows\System32\lsm.exe [720]
Process C:\Windows\System32\svchost.exe [820]
Process C:\Windows\System32\svchost.exe [912]
Process C:\Windows\System32\LogonUI.exe [988]
Process C:\Windows\System32\svchost.exe [996]
Process C:\Windows\System32\svchost.exe [116]
Process C:\Windows\System32\svchost.exe [428]
Process C:\Windows\System32\svchost.exe [780]
Process C:\Windows\System32\svchost.exe [1088]
Process C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1248]
Process C:\Windows\System32\wlanext.exe [1256]
Process C:\Windows\System32\conhost.exe [1268]
Process C:\Windows\System32\spoolsv.exe [1668]
Process C:\Windows\System32\svchost.exe [1704]
Process C:\Windows\System32\svchost.exe [1840]
Process C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [1892]
Process C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1916]
Process C:\Windows\SysWOW64\atashost.exe [1948]
Process C:\Program Files (x86)\Bonjour\mDNSResponder.exe [1988]
Process C:\Windows\SysWOW64\CTSVCCDA.EXE [2012]
Process C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [1096]
Process C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [1220]
Process C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2108]
Process C:\Windows\System32\svchost.exe [2936]
Process C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [1736]
Process C:\Program Files\Realtek\RtVOsd\RtVOsd.exe [2600]
Process C:\Windows\System32\svchost.exe [2256]
Process C:\Program Files\Windows Media Player\wmpnetwk.exe [1292]
Process C:\Windows\System32\SearchIndexer.exe [452]
Process C:\Windows\System32\wbem\WmiPrvSE.exe [2336]
Process C:\Windows\servicing\TrustedInstaller.exe [2720]
Disk 0 MBR
Service .NET CLR Data [???]
Service .NET CLR Networking [???]
Service .NET CLR Networking 4.0.0.0 [???]
Service .NET Data Provider for Oracle [???]
Service .NET Data Provider for SqlServer [???]
Service .NETFramework [???]
Service 1394ohci [C:\Windows\system32\DRIVERS\1394ohci.sys]
Service ACPI [C:\Windows\system32\DRIVERS\ACPI.sys]
Service AcpiPmi [C:\Windows\system32\DRIVERS\acpipmi.sys]
Service adp94xx [C:\Windows\system32\DRIVERS\adp94xx.sys]
Service adpahci [C:\Windows\system32\DRIVERS\adpahci.sys]
Service adpu320 [C:\Windows\system32\DRIVERS\adpu320.sys]
Service adsi [???]
Service AeLookupSvc [C:\Windows\System32\aelupsvc.dll]
Service AERTFilters [C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe]
Service AFD [C:\Windows\system32\drivers\afd.sys]
Service agp440 [C:\Windows\system32\DRIVERS\agp440.sys]
Service ALG [C:\Windows\System32\alg.exe]
Service aliide [C:\Windows\system32\DRIVERS\aliide.sys]
Service amdide [C:\Windows\system32\DRIVERS\amdide.sys]
Service AmdK8 [C:\Windows\system32\DRIVERS\amdk8.sys]
Service AmdPPM [C:\Windows\system32\DRIVERS\amdppm.sys]
Service amdsata [C:\Windows\system32\drivers\amdsata.sys]
Service amdsbs [C:\Windows\system32\DRIVERS\amdsbs.sys]
Service amdxata [C:\Windows\system32\drivers\amdxata.sys]
Service AppID [C:\Windows\system32\drivers\appid.sys]
Service AppIDSvc [C:\Windows\System32\appidsvc.dll]
Service Appinfo [C:\Windows\System32\appinfo.dll]
Service Apple Mobile Device [C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe]
Service AppMgmt [C:\Windows\System32\appmgmts.dll]
Service arc [C:\Windows\system32\DRIVERS\arc.sys]
Service arcsas [C:\Windows\system32\DRIVERS\arcsas.sys]
Service aswFsBlk [C:\Windows\System32\Drivers\aswFsBlk.sys]
Service aswMonFlt [C:\Windows\system32\drivers\aswMonFlt.sys]
Service aswRdr [C:\Windows\System32\Drivers\aswRdr.sys]
Service aswSnx [C:\Windows\System32\Drivers\aswSnx.sys]
Service aswSP [C:\Windows\System32\Drivers\aswSP.sys]
Service aswTdi [C:\Windows\System32\Drivers\aswTdi.sys]
Service AsyncMac [C:\Windows\system32\DRIVERS\asyncmac.sys]
Service atapi [C:\Windows\system32\DRIVERS\atapi.sys]
Service atashost [C:\Windows\SysWOW64\atashost.exe]
Service AudioEndpointBuilder [C:\Windows\System32\Audiosrv.dll]
Service AudioSrv [C:\Windows\System32\Audiosrv.dll]
Service avast! Antivirus [C:\Program Files\AVAST Software\Avast\AvastSvc.exe]
Service AxInstSV [C:\Windows\System32\AxInstSV.dll]
Service b06bdrv [C:\Windows\system32\DRIVERS\bxvbda.sys]
Service b57nd60a [C:\Windows\system32\DRIVERS\b57nd60a.sys]
Service BattC [???]
Service BCM43XX [C:\Windows\system32\DRIVERS\bcmwl664.sys]
Service BDESVC [C:\Windows\System32\bdesvc.dll]
Service Beep [C:\Windows\System32\Drivers\Beep.sys]
Service BFE [C:\Windows\System32\bfe.dll]
Service BITS [C:\Windows\System32\qmgr.dll]
Service blbdrive [C:\Windows\system32\DRIVERS\blbdrive.sys]
Service Bonjour Service [C:\Program Files (x86)\Bonjour\mDNSResponder.exe]
Service bowser [C:\Windows\system32\DRIVERS\bowser.sys]
Service BrFiltLo [C:\Windows\system32\DRIVERS\BrFiltLo.sys]
Service BrFiltUp [C:\Windows\system32\DRIVERS\BrFiltUp.sys]
Service Browser [C:\Windows\System32\browser.dll]
Service Brserid [C:\Windows\System32\Drivers\Brserid.sys]
Service BrSerWdm [C:\Windows\System32\Drivers\BrSerWdm.sys]
Service BrUsbMdm [C:\Windows\System32\Drivers\BrUsbMdm.sys]
Service BrUsbSer [C:\Windows\System32\Drivers\BrUsbSer.sys]
Service BTHMODEM [C:\Windows\system32\DRIVERS\bthmodem.sys]
Service BTHPORT [???]
Service bthserv [C:\Windows\system32\bthserv.dll]
Service cdfs [C:\Windows\system32\DRIVERS\cdfs.sys]
Service cdrom [C:\Windows\system32\DRIVERS\cdrom.sys]
Service CertPropSvc [C:\Windows\System32\certprop.dll]
Service circlass [C:\Windows\system32\DRIVERS\circlass.sys]
Service CLFS [C:\Windows\System32\CLFS.sys]
Service clr_optimization_v2.0.50727_32 [C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]
Service clr_optimization_v2.0.50727_64 [C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe]
Service clr_optimization_v4.0.30319_32 [C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]
Service clr_optimization_v4.0.30319_64 [C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe]
Service CmBatt [C:\Windows\system32\DRIVERS\CmBatt.sys]
Service cmdide [C:\Windows\system32\DRIVERS\cmdide.sys]
Service CNG [C:\Windows\System32\Drivers\cng.sys]
Service Compbatt [C:\Windows\system32\DRIVERS\compbatt.sys]
Service CompositeBus [C:\Windows\system32\DRIVERS\CompositeBus.sys]
Service COMSysApp [C:\Windows\system32\dllhost.exe]
Service crcdisk [C:\Windows\system32\DRIVERS\crcdisk.sys]
Service Creative Service for CDROM Access [C:\Windows\SysWOW64\CTsvcCDA.exe]
Service crypt32 [???]
Service CryptSvc [C:\Windows\system32\cryptsvc.dll]
Service CSC [C:\Windows\system32\drivers\csc.sys]
Service CscService [C:\Windows\System32\cscsvc.dll]
Service DCLocator [???]
Service DcomLaunch [C:\Windows\system32\rpcss.dll]
Service defragsvc [C:\Windows\System32\defragsvc.dll]
Service DfsC [C:\Windows\System32\Drivers\dfsc.sys]
Service Dhcp [C:\Windows\system32\dhcpcore.dll]
Service discache [C:\Windows\System32\drivers\discache.sys]
Service Disk [C:\Windows\system32\DRIVERS\disk.sys]
Service Dnscache [C:\Windows\System32\dnsrslvr.dll]
Service dot3svc [C:\Windows\System32\dot3svc.dll]
Service DPS [C:\Windows\system32\dps.dll]
Service drmkaud [C:\Windows\system32\drivers\drmkaud.sys]
Service dsNcAdpt [C:\Windows\system32\DRIVERS\dsNcAdpt.sys]
Service dsNcService [C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe]
Service DXGKrnl [C:\Windows\System32\drivers\dxgkrnl.sys]
Service EapHost [C:\Windows\System32\eapsvc.dll]
Service ebdrv [C:\Windows\system32\DRIVERS\evbda.sys]
Service EFS [C:\Windows\System32\lsass.exe]
Service ehRecvr [C:\Windows\ehome\ehRecvr.exe]
Service ehSched [C:\Windows\ehome\ehsched.exe]
Service elxstor [C:\Windows\system32\DRIVERS\elxstor.sys]
Service ErrDev [C:\Windows\system32\DRIVERS\errdev.sys]
Service ESENT [???]
Service eventlog [C:\Windows\System32\wevtsvc.dll]
Service EventSystem [C:\Windows\system32\es.dll]
Service exfat [C:\Windows\System32\Drivers\exfat.sys]
Service fastfat [C:\Windows\System32\Drivers\fastfat.sys]
Service Fax [C:\Windows\system32\fxssvc.exe]
Service fdc [C:\Windows\system32\DRIVERS\fdc.sys]
Service fdPHost [C:\Windows\system32\fdPHost.dll]
Service FDResPub [C:\Windows\system32\fdrespub.dll]
Service FileInfo [C:\Windows\system32\drivers\fileinfo.sys]
Service Filetrace [C:\Windows\system32\drivers\filetrace.sys]
Service flpydisk [C:\Windows\system32\DRIVERS\flpydisk.sys]
Service FltMgr [C:\Windows\system32\drivers\fltmgr.sys]
Service FontCache [C:\Windows\system32\FntCache.dll]
Service FontCache3.0.0.0 [C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe]
Service FsDepends [C:\Windows\System32\drivers\FsDepends.sys]
Service Fs_Rec [C:\Windows\System32\Drivers\Fs_Rec.sys]
Service fvevol [C:\Windows\System32\DRIVERS\fvevol.sys]
Service gagp30kx [C:\Windows\system32\DRIVERS\gagp30kx.sys]
Service GEARAspiWDM [C:\Windows\system32\DRIVERS\GEARAspiWDM.sys]
Service gpsvc [C:\Windows\System32\gpsvc.dll]
Service gupdate [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
Service gupdatem [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
Service gusvc [C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe]
Service hcw85cir [C:\Windows\system32\drivers\hcw85cir.sys]
Service hcw89 [???]
Service HdAudAddService [C:\Windows\system32\drivers\HdAudio.sys]
Service HDAudBus [C:\Windows\system32\DRIVERS\HDAudBus.sys]
Service HidBatt [C:\Windows\system32\DRIVERS\HidBatt.sys]
Service HidBth [C:\Windows\system32\DRIVERS\hidbth.sys]
Service HidIr [C:\Windows\system32\DRIVERS\hidir.sys]
Service hidserv [C:\Windows\system32\hidserv.dll]
Service HidUsb [C:\Windows\system32\DRIVERS\hidusb.sys]
Service hkmsvc [C:\Windows\system32\kmsvc.dll]
Service HomeGroupListener [C:\Windows\system32\ListSvc.dll]
Service HomeGroupProvider [C:\Windows\system32\provsvc.dll]
Service HpSAMD [C:\Windows\system32\DRIVERS\HpSAMD.sys]
Service HTTP [C:\Windows\system32\drivers\HTTP.sys]
Service hwpolicy [C:\Windows\System32\drivers\hwpolicy.sys]
Service i8042prt [C:\Windows\system32\DRIVERS\i8042prt.sys]
Service ialm [???]
Service iaStorV [C:\Windows\system32\drivers\iaStorV.sys]
Service idsvc [C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe]
Service igfx [C:\Windows\system32\DRIVERS\igdkmd64.sys]
Service iirsp [C:\Windows\system32\DRIVERS\iirsp.sys]
Service IKEEXT [C:\Windows\System32\ikeext.dll]
Service inetaccs [???]
Service IntcAzAudAddService [C:\Windows\system32\drivers\RTKVHD64.sys]
Service IntcDAud [C:\Windows\system32\DRIVERS\IntcDAud.sys]
Service intelide [C:\Windows\system32\DRIVERS\intelide.sys]
Service intelppm [C:\Windows\system32\DRIVERS\intelppm.sys]
Service IPBusEnum [C:\Windows\system32\ipbusenum.dll]
Service IpFilterDriver [C:\Windows\system32\DRIVERS\ipfltdrv.sys]
Service iphlpsvc [C:\Windows\System32\iphlpsvc.dll]
Service IPMIDRV [C:\Windows\system32\DRIVERS\IPMIDrv.sys]
Service IPNAT [C:\Windows\System32\drivers\ipnat.sys]
Service iPod Service [C:\Program Files\iPod\bin\iPodService.exe]
Service IRENUM [C:\Windows\system32\drivers\irenum.sys]
Service isapnp [C:\Windows\system32\DRIVERS\isapnp.sys]
Service iScsiPrt [C:\Windows\system32\DRIVERS\msiscsi.sys]
Service kbdclass [C:\Windows\system32\DRIVERS\kbdclass.sys]
Service kbdhid [C:\Windows\system32\DRIVERS\kbdhid.sys]
Service KeyIso [C:\Windows\system32\lsass.exe]
Service KSecDD [C:\Windows\System32\Drivers\ksecdd.sys]
Service KSecPkg [C:\Windows\System32\Drivers\ksecpkg.sys]
Service ksthunk [C:\Windows\system32\drivers\ksthunk.sys]
Service KtmRm [C:\Windows\system32\msdtckrm.dll]
Service LanmanServer [C:\Windows\system32\srvsvc.dll]
Service LanmanWorkstation [C:\Windows\System32\wkssvc.dll]
Service ldap [???]
Service lltdio [C:\Windows\system32\DRIVERS\lltdio.sys]
Service lltdsvc [C:\Windows\System32\lltdsvc.dll]
Service lmhosts [C:\Windows\System32\lmhsvc.dll]
Service Lsa [???]
Service LSI_FC [C:\Windows\system32\DRIVERS\lsi_fc.sys]
Service LSI_SAS [C:\Windows\system32\DRIVERS\lsi_sas.sys]
Service LSI_SAS2 [C:\Windows\system32\DRIVERS\lsi_sas2.sys]
Service LSI_SCSI [C:\Windows\system32\DRIVERS\lsi_scsi.sys]
Service luafv [C:\Windows\system32\drivers\luafv.sys]
Service Mcx2Svc [C:\Windows\system32\Mcx2Svc.dll]
Service megasas [C:\Windows\system32\DRIVERS\megasas.sys]
Service MegaSR [C:\Windows\system32\DRIVERS\MegaSR.sys]
Service Microsoft SharePoint Workspace Audit Service [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE]
Service MMCSS [C:\Windows\system32\mmcss.dll]
Service Modem [C:\Windows\system32\drivers\modem.sys]
Service monitor [C:\Windows\system32\DRIVERS\monitor.sys]
Service mouclass [C:\Windows\system32\DRIVERS\mouclass.sys]
Service mouhid [C:\Windows\system32\DRIVERS\mouhid.sys]
Service mountmgr [C:\Windows\System32\drivers\mountmgr.sys]
Service mpio [C:\Windows\system32\DRIVERS\mpio.sys]
Service mpsdrv [C:\Windows\System32\drivers\mpsdrv.sys]
Service MpsSvc [C:\Windows\system32\mpssvc.dll]
Service MRxDAV [C:\Windows\system32\drivers\mrxdav.sys]
Service mrxsmb [C:\Windows\system32\DRIVERS\mrxsmb.sys]
Service mrxsmb10 [C:\Windows\system32\DRIVERS\mrxsmb10.sys]
Service mrxsmb20 [C:\Windows\system32\DRIVERS\mrxsmb20.sys]
Service msahci [C:\Windows\system32\DRIVERS\msahci.sys]
Service msdsm [C:\Windows\system32\DRIVERS\msdsm.sys]
Service MSDTC [C:\Windows\System32\msdtc.exe]
Service MSDTC Bridge 3.0.0.0 [???]
Service MSDTC Bridge 4.0.0.0 [???]
Service Msfs [C:\Windows\System32\Drivers\Msfs.sys]
Service mshidkmdf [C:\Windows\System32\drivers\mshidkmdf.sys]
Service msisadrv [C:\Windows\system32\DRIVERS\msisadrv.sys]
Service MSiSCSI [C:\Windows\system32\iscsiexe.dll]
Service msiserver [C:\Windows\system32\msiexec.exe]
Service MSKSSRV [C:\Windows\system32\drivers\MSKSSRV.sys]
Service MSPCLOCK [C:\Windows\system32\drivers\MSPCLOCK.sys]
Service MSPQM [C:\Windows\system32\drivers\MSPQM.sys]
Service MsRPC [C:\Windows\System32\Drivers\MsRPC.sys]
Service MSSCNTRS [???]
Service mssmbios [C:\Windows\system32\DRIVERS\mssmbios.sys]
Service MSTEE [C:\Windows\system32\drivers\MSTEE.sys]
Service MTConfig [C:\Windows\system32\DRIVERS\MTConfig.sys]
Service Mup [C:\Windows\System32\Drivers\mup.sys]
Service napagent [C:\Windows\system32\qagentRT.dll]
Service NativeWifiP [C:\Windows\system32\DRIVERS\nwifi.sys]
Service NDIS [C:\Windows\system32\drivers\ndis.sys]
Service NdisCap [C:\Windows\system32\DRIVERS\ndiscap.sys]
Service NdisTapi [C:\Windows\system32\DRIVERS\ndistapi.sys]
Service Ndisuio [C:\Windows\system32\DRIVERS\ndisuio.sys]
Service NdisWan [C:\Windows\system32\DRIVERS\ndiswan.sys]
Service NDProxy [C:\Windows\System32\Drivers\NDProxy.sys]
Service NetBIOS [C:\Windows\system32\DRIVERS\netbios.sys]
Service NetBT [C:\Windows\System32\DRIVERS\netbt.sys]
Service Netlogon [C:\Windows\system32\lsass.exe]
Service Netman [C:\Windows\System32\netman.dll]
Service netprofm [C:\Windows\System32\netprofm.dll]
Service NetTcpPortSharing [C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe]
Service nfrd960 [C:\Windows\system32\DRIVERS\nfrd960.sys]
Service NlaSvc [C:\Windows\System32\nlasvc.dll]
Service NovacomD [C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe]
Service Npfs [C:\Windows\System32\Drivers\Npfs.sys]
Service nsi [C:\Windows\system32\nsisvc.dll]
Service nsiproxy [C:\Windows\system32\drivers\nsiproxy.sys]
Service NTDS [???]
Service Ntfs [C:\Windows\System32\Drivers\Ntfs.sys]
Service Null [C:\Windows\System32\Drivers\Null.sys]
Service nvraid [C:\Windows\system32\drivers\nvraid.sys]
Service nvstor [C:\Windows\system32\drivers\nvstor.sys]
Service nv_agp [C:\Windows\system32\DRIVERS\nv_agp.sys]
Service ohci1394 [C:\Windows\system32\DRIVERS\ohci1394.sys]
Service ose64 [C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE]
Service osppsvc [C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE]
Service Outlook [???]
Service p2pimsvc [C:\Windows\system32\pnrpsvc.dll]
Service p2psvc [C:\Windows\system32\p2psvc.dll]
Service Parport [C:\Windows\system32\DRIVERS\parport.sys]
Service partmgr [C:\Windows\System32\drivers\partmgr.sys]
Service PcaSvc [C:\Windows\System32\pcasvc.dll]
Service pci [C:\Windows\system32\DRIVERS\pci.sys]
Service pciide [C:\Windows\system32\DRIVERS\pciide.sys]
Service pcmcia [C:\Windows\system32\DRIVERS\pcmcia.sys]
Service pcw [C:\Windows\System32\drivers\pcw.sys]
Service PEAUTH [C:\Windows\system32\drivers\peauth.sys]
Service PeerDistSvc [C:\Windows\system32\peerdistsvc.dll]
Service PerfDisk [???]
Service PerfHost [C:\Windows\SysWow64\perfhost.exe]
Service PerfNet [???]
Service PerfOS [???]
Service PerfProc [???]
Service pla [C:\Windows\system32\pla.dll]
Service PlugPlay [C:\Windows\system32\umpnpmgr.dll]
Service PNRPAutoReg [C:\Windows\system32\pnrpauto.dll]
Service PNRPsvc [C:\Windows\system32\pnrpsvc.dll]
Service PolicyAgent [C:\Windows\System32\ipsecsvc.dll]
Service PortProxy [???]
Service Power [C:\Windows\system32\umpo.dll]
Service PptpMiniport [C:\Windows\system32\DRIVERS\raspptp.sys]
Service Processor [C:\Windows\system32\DRIVERS\processr.sys]
Service ProfSvc [C:\Windows\system32\profsvc.dll]
Service ProtectedStorage [C:\Windows\system32\lsass.exe]
Service Psched [C:\Windows\system32\DRIVERS\pacer.sys]
Service ql2300 [C:\Windows\system32\DRIVERS\ql2300.sys]
Service ql40xx [C:\Windows\system32\DRIVERS\ql40xx.sys]
Service QWAVE [C:\Windows\system32\qwave.dll]
Service QWAVEdrv [C:\Windows\system32\drivers\qwavedrv.sys]
Service RasAcd [C:\Windows\System32\DRIVERS\rasacd.sys]
Service RasAgileVpn [C:\Windows\system32\DRIVERS\AgileVpn.sys]
Service RasAuto [C:\Windows\System32\rasauto.dll]
Service Rasl2tp [C:\Windows\system32\DRIVERS\rasl2tp.sys]
Service RasMan [C:\Windows\System32\rasmans.dll]
Service RasPppoe [C:\Windows\system32\DRIVERS\raspppoe.sys]
Service RasSstp [C:\Windows\system32\DRIVERS\rassstp.sys]
Service rdbss [C:\Windows\system32\DRIVERS\rdbss.sys]
Service rdpbus [C:\Windows\system32\DRIVERS\rdpbus.sys]
Service RDPCDD [C:\Windows\System32\DRIVERS\RDPCDD.sys]
Service RDPDD [???]
Service RDPDR [C:\Windows\System32\drivers\rdpdr.sys]
Service RDPENCDD [C:\Windows\system32\drivers\rdpencdd.sys]
Service RDPNP [???]
Service RDPREFMP [C:\Windows\system32\drivers\rdprefmp.sys]
Service RDPWD [C:\Windows\System32\Drivers\RDPWD.sys]
Service rdyboost [C:\Windows\System32\drivers\rdyboost.sys]
Service RemoteAccess [C:\Windows\System32\mprdim.dll]
Service RemoteRegistry [C:\Windows\system32\regsvc.dll]
Service RpcEptMapper [C:\Windows\System32\RpcEpMap.dll]
Service RpcLocator [C:\Windows\system32\locator.exe]
Service RpcSs [C:\Windows\system32\rpcss.dll]
Service rspndr [C:\Windows\system32\DRIVERS\rspndr.sys]
Service RTL8167 [C:\Windows\system32\DRIVERS\Rt64win7.sys]
Service RtVOsdService [C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe]
Service s3cap [C:\Windows\system32\DRIVERS\vms3cap.sys]
Service SamSs [C:\Windows\system32\lsass.exe]
Service sbp2port [C:\Windows\system32\DRIVERS\sbp2port.sys]
Service SBSDWSCService [C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe]
Service SCardSvr [C:\Windows\System32\SCardSvr.dll]
Service scfilter [C:\Windows\System32\DRIVERS\scfilter.sys]
Service Schedule [C:\Windows\system32\schedsvc.dll]
Service SCPolicySvc [C:\Windows\System32\certprop.dll]
Service SDRSVC [C:\Windows\System32\SDRSVC.dll]
Service secdrv [C:\Windows\System32\Drivers\secdrv.sys]
Service seclogon [C:\Windows\system32\seclogon.dll]
Service SENS [C:\Windows\System32\sens.dll]
Service SensrSvc [C:\Windows\system32\sensrsvc.dll]
Service Serenum [C:\Windows\system32\DRIVERS\serenum.sys]
Service Serial [C:\Windows\system32\DRIVERS\serial.sys]
Service sermouse [C:\Windows\system32\DRIVERS\sermouse.sys]
Service ServiceModelEndpoint 3.0.0.0 [???]
Service ServiceModelOperation 3.0.0.0 [???]
Service ServiceModelService 3.0.0.0 [???]
Service SessionEnv [C:\Windows\system32\sessenv.dll]
Service sffdisk [C:\Windows\system32\DRIVERS\sffdisk.sys]
Service sffp_mmc [C:\Windows\system32\DRIVERS\sffp_mmc.sys]
Service sffp_sd [C:\Windows\system32\DRIVERS\sffp_sd.sys]
Service sfloppy [C:\Windows\system32\DRIVERS\sfloppy.sys]
Service SharedAccess [C:\Windows\System32\ipnathlp.dll]
Service ShellHWDetection [C:\Windows\System32\shsvcs.dll]
Service SiSRaid2 [C:\Windows\system32\DRIVERS\SiSRaid2.sys]
Service SiSRaid4 [C:\Windows\system32\DRIVERS\sisraid4.sys]
Service Smb [C:\Windows\system32\DRIVERS\smb.sys]
Service SMSvcHost 3.0.0.0 [???]
Service SMSvcHost 4.0.0.0 [???]
Service SNMPTRAP [C:\Windows\System32\snmptrap.exe]
Service spldr [C:\Windows\System32\Drivers\spldr.sys]
Service Spooler [C:\Windows\System32\spoolsv.exe]
Service sppsvc [C:\Windows\system32\sppsvc.exe]
Service sppuinotify [C:\Windows\system32\sppuinotify.dll]
Service srv [C:\Windows\System32\DRIVERS\srv.sys]
Service srv2 [C:\Windows\System32\DRIVERS\srv2.sys]
Service srvnet [C:\Windows\System32\DRIVERS\srvnet.sys]
Service SSDPSRV [C:\Windows\System32\ssdpsrv.dll]
Service SstpSvc [C:\Windows\system32\sstpsvc.dll]
Service stexstor [C:\Windows\system32\DRIVERS\stexstor.sys]
Service StillCam [C:\Windows\system32\DRIVERS\serscan.sys]
Service stisvc [C:\Windows\System32\wiaservc.dll]
Service storflt [C:\Windows\system32\DRIVERS\vmstorfl.sys]
Service storvsc [C:\Windows\system32\DRIVERS\storvsc.sys]
Service swenum [C:\Windows\system32\DRIVERS\swenum.sys]
Service swprv [C:\Windows\System32\swprv.dll]
Service SynTP [C:\Windows\system32\DRIVERS\SynTP.sys]
Service SysMain [C:\Windows\system32\sysmain.dll]
Service TabletInputService [C:\Windows\System32\TabSvc.dll]
Service TapiSrv [C:\Windows\System32\tapisrv.dll]
Service TBS [C:\Windows\System32\tbssvc.dll]
Service Tcpip [C:\Windows\System32\drivers\tcpip.sys]
Service TCPIP6 [C:\Windows\system32\DRIVERS\tcpip.sys]
Service TCPIP6TUNNEL [???]
Service tcpipreg [C:\Windows\System32\drivers\tcpipreg.sys]
Service TCPIPTUNNEL [???]
Service TDPIPE [C:\Windows\system32\drivers\tdpipe.sys]
Service TDTCP [C:\Windows\system32\drivers\tdtcp.sys]
Service tdx [C:\Windows\system32\DRIVERS\tdx.sys]
Service TermDD [C:\Windows\system32\DRIVERS\termdd.sys]
Service TermService [C:\Windows\System32\termsrv.dll]
Service Themes [C:\Windows\system32\themeservice.dll]
Service THREADORDER [C:\Windows\system32\mmcss.dll]
Service TrkWks [C:\Windows\System32\trkwks.dll]
Service TrustedInstaller [C:\Windows\servicing\TrustedInstaller.exe]
Service TSDDD [???]
Service tssecsrv [C:\Windows\System32\DRIVERS\tssecsrv.sys]
Service tunnel [C:\Windows\system32\DRIVERS\tunnel.sys]
Service uagp35 [C:\Windows\system32\DRIVERS\uagp35.sys]
Service udfs [C:\Windows\system32\DRIVERS\udfs.sys]
Service UGatherer [???]
Service UGTHRSVC [???]
Service UI0Detect [C:\Windows\system32\UI0Detect.exe]
Service uliagpkx [C:\Windows\system32\DRIVERS\uliagpkx.sys]
Service umbus [C:\Windows\system32\DRIVERS\umbus.sys]
Service UmPass [C:\Windows\system32\DRIVERS\umpass.sys]
Service UmRdpService [C:\Windows\System32\umrdp.dll]
Service upnphost [C:\Windows\System32\upnphost.dll]
Service USBAAPL64 [C:\Windows\System32\Drivers\usbaapl64.sys]
Service usbccgp [C:\Windows\system32\DRIVERS\usbccgp.sys]
Service usbcir [C:\Windows\system32\DRIVERS\usbcir.sys]
Service usbehci [C:\Windows\system32\drivers\usbehci.sys]
Service usbhub [C:\Windows\system32\DRIVERS\usbhub.sys]
Service usbohci [C:\Windows\system32\drivers\usbohci.sys]
Service usbprint [C:\Windows\system32\DRIVERS\usbprint.sys]
Service USBSTOR [C:\Windows\system32\DRIVERS\USBSTOR.SYS]
Service usbuhci [C:\Windows\system32\drivers\usbuhci.sys]
Service usbvideo [C:\Windows\System32\Drivers\usbvideo.sys]
Service UxSms [C:\Windows\System32\uxsms.dll]
Service VaultSvc [C:\Windows\system32\lsass.exe]
Service vdrvroot [C:\Windows\system32\DRIVERS\vdrvroot.sys]
Service vds [C:\Windows\System32\vds.exe]
Service vga [C:\Windows\system32\DRIVERS\vgapnp.sys]
Service VgaSave [C:\Windows\System32\drivers\vga.sys]
Service vhdmp [C:\Windows\system32\DRIVERS\vhdmp.sys]
Service viaide [C:\Windows\system32\DRIVERS\viaide.sys]
Service vmbus [C:\Windows\system32\DRIVERS\vmbus.sys]
Service VMBusHID [C:\Windows\system32\DRIVERS\VMBusHID.sys]
Service volmgr [C:\Windows\system32\DRIVERS\volmgr.sys]
Service volmgrx [C:\Windows\System32\drivers\volmgrx.sys]
Service volsnap [C:\Windows\system32\DRIVERS\volsnap.sys]
Service vsmraid [C:\Windows\system32\DRIVERS\vsmraid.sys]
Service VSS [C:\Windows\system32\vssvc.exe]
Service vwifibus [C:\Windows\system32\DRIVERS\vwifibus.sys]
Service vwififlt [C:\Windows\system32\DRIVERS\vwififlt.sys]
Service vwifimp [C:\Windows\system32\DRIVERS\vwifimp.sys]
Service W32Time [C:\Windows\system32\w32time.dll]
Service W3SVC [???]
Service WacomPen [C:\Windows\system32\DRIVERS\wacompen.sys]
Service WANARP [C:\Windows\system32\DRIVERS\wanarp.sys]
Service Wanarpv6 [C:\Windows\system32\DRIVERS\wanarp.sys]
Service WatAdminSvc [C:\Windows\system32\Wat\WatAdminSvc.exe]
Service wbengine [C:\Windows\system32\wbengine.exe]
Service WbioSrvc [C:\Windows\System32\wbiosrvc.dll]
Service wcncsvc [C:\Windows\System32\wcncsvc.dll]
Service WcsPlugInService [C:\Windows\System32\WcsPlugInService.dll]
Service Wd [C:\Windows\system32\DRIVERS\wd.sys]
Service Wdf01000 [C:\Windows\system32\drivers\Wdf01000.sys]
Service WdiServiceHost [C:\Windows\system32\wdi.dll]
Service WdiSystemHost [C:\Windows\system32\wdi.dll]
Service WebClient [C:\Windows\System32\webclnt.dll]
Service Wecsvc [C:\Windows\system32\wecsvc.dll]
Service wercplsupport [C:\Windows\System32\wercplsupport.dll]
Service WerSvc [C:\Windows\System32\WerSvc.dll]
Service WfpLwf [C:\Windows\system32\DRIVERS\wfplwf.sys]
Service WIMMount [C:\Windows\system32\drivers\wimmount.sys]
Service WinDefend [C:\Program Files]
Service Windows Workflow Foundation 3.0.0.0 [???]
Service WinHttpAutoProxySvc [C:\Windows\system32\winhttp.dll]
Service Winmgmt [C:\Windows\system32\wbem\WMIsvc.dll]
Service WinRM [C:\Windows\system32\WsmSvc.dll]
Service Winsock [C:\Windows\System32\Drivers\Winsock.sys]
Service WinSock2 [???]
Service WinUsb [C:\Windows\system32\DRIVERS\WinUsb.sys]
Service Wlansvc [C:\Windows\System32\wlansvc.dll]
Service WmiAcpi [C:\Windows\system32\DRIVERS\wmiacpi.sys]
Service WmiApRpl [???]
Service wmiApSrv [C:\Windows\system32\wbem\WmiApSrv.exe]
Service WMPNetworkSvc [C:\Program Files]
Service WPCSvc [C:\Windows\System32\wpcsvc.dll]
Service WPDBusEnum [C:\Windows\system32\wpdbusenum.dll]
Service ws2ifsl [C:\Windows\system32\drivers\ws2ifsl.sys]
Service wscsvc [C:\Windows\System32\wscsvc.dll]
Service WSDPrintDevice [C:\Windows\system32\DRIVERS\WSDPrint.sys]
Service WSearch [C:\Windows\system32\SearchIndexer.exe]
Service WSearchIdxPi [???]
Service wuauserv [C:\Windows\system32\wuaueng.dll]
Service WudfPf [C:\Windows\system32\drivers\WudfPf.sys]
Service WUDFRd [C:\Windows\system32\DRIVERS\WUDFRd.sys]
Service wudfsvc [C:\Windows\System32\WUDFSvc.dll]
Service WwanSvc [C:\Windows\System32\wwansvc.dll]
Service xmlprov [???]
Service {12997A42-7B49-48A1-888B-ABC97C5DEF9C} [???]
Service {13BF5874-5776-4FDD-AAEA-C54EDB71E252} [???]
Service {6D980BC7-33A9-4048-95F3-CA52F91E8268} [???]
Service {AE7F3440-2660-47BB-8179-6BDF389DE919} [???]

Scan finished: Wednesday, October 05, 2011 10:52:51 PM
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------

#14 Treefarn

Treefarn
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 06 October 2011 - 06:54 AM

ESET found no threats

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=3f2178c281a74e468cedc61cd0a48629
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-06 11:53:29
# local_time=2011-10-06 07:53:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 69441487 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=203878
# found=0
# cleaned=0
# scan_time=3971

Edited by Treefarn, 06 October 2011 - 06:55 AM.


#15 snemelk

snemelk

    Engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:06:03 AM

Posted 06 October 2011 - 08:29 AM

Hi again Treefarn!!.. :)

Thanks for the logs!..

Please do the following:

Firstly,
TDSSKiller deleted one patched Driver file... Looking at the logs, I don't think it was being used by Windows, however, we'll get the legit file back... To do so, please follow these steps:

Download the zipped file named ICS_Ds64.zip from here: Intel® PRO/Wireless and WiFi Link Drivers-Only for Windows 7
- you can download it to your Desktop... Unzip the file...
- open the folder created after unzipping the file, in the s64 folder please right-click this file: NETwNs64.sys and choose Copy...
- navigate to this folder then: C:\Windows\system32\DRIVERS
- right-click anywhere and choose Paste; if you get a UAC prompt, confirm... Make sure the file exists in that Drivers folder now...

Secondly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

To make sure you're using an updated version of Adobe Acrobat Reader, run Adobe Reader --> Help --> Check for updates - let it update to the newest version...

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 23

Then,
  • Download the latest version of Java Runtime Environment (JRE) 7.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 7".
  • Click the Download button under "JRE".
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-7-windows-i586.exe to download an offline installer for Windows x86. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, refer to this article and download this file to your Desktop: uninstall_flash_player_32bit.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).


- Please run Windows Update (Start --> All programs --> Windows Update) and install all critical updates; this includes Service Pack 1 for Windows 7... Keeping your Windows updated is crucial, as malware authors use various vulnerabilities to infect computers; use Windows Update regularly to patch existing vulnerabilities...

I suggest you install optional updates as well; this includes Internet Explorer 9 (even if you do not use IE on a daily basis, it's a good idea to have it updated anyway)...

Please let me know if all the updates went well... :)
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
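A post-fix check that a practitioner would run after snemelk's steps above, added here by the editor and not part of the original reply: it confirms the restored NETwNs64.sys is present, byte-identical to the copy from Intel's zip and carries a valid Authenticode signature, that Java 6 is gone and JRE 7 is registered, and that Service Pack 1 is installed. It assumes the zip was unpacked to a Desktop folder named ICS_Ds64 (the folder name is an assumption) and that the script runs as Administrator on 64-bit Windows 7.

```powershell
# Editor's verification script, not part of snemelk's instructions.
# Assumed locations: the unzipped Intel driver folder on the Desktop (folder name assumed).
$installed = 'C:\Windows\system32\DRIVERS\NETwNs64.sys'
$source    = Join-Path $env:USERPROFILE 'Desktop\ICS_Ds64\s64\NETwNs64.sys'

function Get-Sha256Hex([string]$Path) {
    # .NET hashing works on Windows 7's PowerShell 2.0, which has no Get-FileHash cmdlet
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try   { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

# 1. The driver TDSSKiller removed was "patched", i.e. its code no longer matched the
#    vendor's signed file. The restored copy must exist, match the vendor file exactly
#    and verify as signed; anything else means the copy step did not take.
if (-not (Test-Path $installed)) {
    Write-Warning "$installed is missing - repeat the Copy/Paste step"
} else {
    $sig    = Get-AuthenticodeSignature -FilePath $installed
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no embedded signature)' }
    "{0}: signature {1}, signer {2}" -f $installed, $sig.Status, $signer
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is $($sig.Status); do not trust the file until it verifies as Valid"
    }
    if (Test-Path $source) {
        if ((Get-Sha256Hex $installed) -eq (Get-Sha256Hex $source)) {
            'Installed driver is byte-identical to the copy from the Intel zip'
        } else {
            Write-Warning 'Installed driver differs from the Intel copy - replace it again'
        }
    }
}

# 2. Java: the 32-bit (i586) JRE 7 installer registers under Wow6432Node on 64-bit Windows,
#    so both keys are checked; a 1.6.* CurrentVersion means Java 6 was not uninstalled.
$javaKeys = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
            'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
foreach ($key in $javaKeys) {
    if (Test-Path $key) {
        $cur = (Get-ItemProperty -Path $key).CurrentVersion
        "Java at {0}: CurrentVersion = {1}" -f $key, $cur
        if ($cur -like '1.6*') { Write-Warning "Java 6 is still registered under $key" }
    }
}

# 3. Service Pack level: SP1 reports ServicePackMajorVersion 1 in Win32_OperatingSystem.
$os = Get-WmiObject Win32_OperatingSystem
"{0} build {1}, Service Pack {2}" -f $os.Caption, $os.BuildNumber, $os.ServicePackMajorVersion
if ($os.ServicePackMajorVersion -lt 1) { Write-Warning 'Service Pack 1 is not installed; run Windows Update' }
```

If the file is catalog-signed rather than embedded-signed, Get-AuthenticodeSignature reports NotSigned even for a legitimate file, so the hash comparison against the vendor copy is the decisive check.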




