
Still Infected With Win 7 Security 2012


  • This topic is locked
16 replies to this topic

#1 elpage

Posted 04 January 2012 - 08:26 PM

Noticed infection with Win 7 Security 2012 in mid December and took the steps to remove it. All worked well until late last week, when I noticed I was losing my in-home networking capabilities whereas computers could see the infected PC, but the infected computer could not access or see others on the network. Then eventually random sites became inaccessible on the infected computer. I ran Malwarebytes but nothing was found. Appreciate any help I can get to resolve this. Thanks, el page

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Guest PC at 15:50:21 on 2012-01-04
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.426 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Now Playing Tool for OtsAV\Now Playing Tool for OtsAV.exe
C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Now Playing Tool for OtsAV\Now Playing Tool for OtsAV.exe
C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Explorer.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime (drop down deals)\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\guestp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\guest pc\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mediam~1.lnk - c:\program files\mediamonkey\MediaMonkey.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nowpla~1.lnk - c:\program files\now playing tool for otsav\Now Playing Tool for OtsAV.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tvmobi~1.lnk - c:\program files\tvmobili\bin\iTunesAlbumArtGenerator.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8} : DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}\34963736F65353430313 : DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}\452757D607D225F6F6D637D234F687 : DhcpNameServer = 68.111.16.30 68.111.16.25
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}\6496F63725561627 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}\6496F6376427F6E647 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}\6496F637D49646 : DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
TCP: Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}\6496F637D49646D27657563747 : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{FBF87322-DFA9-4567-BA65-F1C56DD284C8} : DhcpNameServer = 192.168.1.1 68.238.64.12
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\guest pc\appdata\roaming\mozilla\firefox\profiles\bwzt28yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z011&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\users\guest pc\appdata\roaming\mozilla\firefox\profiles\bwzt28yc.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\guest pc\appdata\roaming\mozilla\firefox\profiles\bwzt28yc.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\sonne dvd creator\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\sonne dvd creator\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\guest pc\appdata\roaming\mozilla\firefox\profiles\bwzt28yc.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\users\guest pc\appdata\roaming\mozilla\firefox\profiles\bwzt28yc.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 3eb7171e-a62b-49fb-911c-7e7396c992dc
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl35a36c24;MpKsl35a36c24;c:\programdata\microsoft\microsoft antimalware\definition updates\{43a05266-727c-46f6-9509-bf9a44fbf275}\MpKsl35a36c24.sys [2012-1-3 29904]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 286736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-2 68896]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-19 2984832]
R2 tvMobiliService;tvMobiliService;c:\program files\tvmobili\bin\tvMobiliService.exe [2011-11-16 1009152]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-12-26 20080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-5-23 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-5-23 79360]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-5-23 899712]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-6-15 6638080]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-20 15872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-12-4 25088]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2011-1-13 16640]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2012-01-04 15:44:59 -------- d-----w- c:\program files\Runtime Software
2012-01-04 04:16:29 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43a05266-727c-46f6-9509-bf9a44fbf275}\MpKsl35a36c24.sys
2012-01-04 04:16:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43a05266-727c-46f6-9509-bf9a44fbf275}\offreg.dll
2012-01-04 04:16:05 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{43a05266-727c-46f6-9509-bf9a44fbf275}\mpengine.dll
2011-12-31 16:46:03 -------- d-----w- c:\programdata\TVMOBiLi
2011-12-31 16:46:03 -------- d-----w- c:\program files\TVMOBiLi
2011-12-29 16:36:34 -------- d-----w- c:\users\guest pc\appdata\local\Conceiva
2011-12-29 16:08:03 -------- d-----w- c:\users\guest pc\appdata\roaming\MediaMonkey
2011-12-29 16:07:37 -------- d-----w- c:\programdata\MediaMonkey
2011-12-29 09:34:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-29 09:15:27 -------- d-----w- c:\program files\Samsung
2011-12-28 15:55:35 4200024 ----a-w- c:\windows\system32\cdintf400.dll
2011-12-28 15:54:01 -------- d-----w- c:\program files\Quicken
2011-12-28 15:01:17 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-12-27 07:51:17 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8391384d-0845-4116-8d7c-5dfd42481066}\gapaengine.dll
2011-12-27 07:48:42 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 05:43:54 -------- d-----w- c:\program files\PeerBlock
2011-12-23 03:30:00 -------- d-----w- c:\program files\Winamp Detect
2011-12-21 16:44:53 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-21 16:44:53 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-21 16:44:52 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-21 16:44:52 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-18 17:52:19 -------- d-----w- c:\program files\Yontoo Layers Runtime (Drop Down Deals)
2011-12-18 17:52:18 -------- d-----w- c:\programdata\Tarma Installer
2011-12-18 16:57:19 -------- d-----w- c:\users\guest pc\appdata\roaming\Foxit Software
2011-12-18 16:53:55 -------- d-----w- c:\program files\foxit software
2011-12-17 17:55:19 -------- d-----w- c:\program files\AVAST Software
2011-12-17 16:57:19 26400 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-12-17 16:57:19 17696 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-17 16:51:26 -------- d-----w- c:\users\guest pc\appdata\roaming\Downloaded Installations
2011-12-17 00:13:02 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7ac5296a-e7ec-4ee2-8b43-35a723e7a650}\mpengine.dll
2011-12-15 00:33:34 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 00:33:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:33:28 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 00:33:27 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:33:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 00:33:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-11 18:47:00 -------- d-----w- c:\users\guest pc\appdata\roaming\PFStaticIP
2011-12-11 16:09:41 -------- d-----w- c:\users\guest pc\appdata\roaming\AVG
2011-12-11 15:54:48 -------- d--h--w- c:\programdata\Common Files
2011-12-11 15:52:46 -------- d-----w- c:\program files\AVG
2011-12-11 15:30:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 14:59:16 -------- d-----w- c:\programdata\AVAST Software
.
==================== Find3M ====================
.
2011-11-17 13:34:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 04:19:50 1409 ----a-w- c:\windows\system32\tmpF1701.FOT
2011-11-15 22:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-02 16:24:04 68896 ----a-w- c:\windows\system32\NLSSRV32.EXE
.
============= FINISH: 15:50:47.94 ===============



#2 SweetTech

Posted 05 January 2012 - 02:11 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Please let me know how the above scans go.

Kindest Regards,
ST



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 elpage

Posted 05 January 2012 - 06:45 AM

Thanks, ST for your assistance. Here is the first document.

03:19:39.0880 5764 DfsC - ok
03:19:39.0984 5764 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
03:19:40.0064 5764 discache - ok
03:19:40.0130 5764 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
03:19:40.0171 5764 Disk - ok
03:19:40.0356 5764 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
03:19:40.0442 5764 Dot4 - ok
03:19:40.0528 5764 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
03:19:40.0600 5764 Dot4Print - ok
03:19:40.0656 5764 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
03:19:40.0712 5764 dot4usb - ok
03:19:40.0881 5764 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
03:19:40.0937 5764 drmkaud - ok
03:19:41.0042 5764 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
03:19:41.0121 5764 DXGKrnl - ok
03:19:41.0310 5764 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
03:19:41.0487 5764 ebdrv - ok
03:19:41.0670 5764 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
03:19:41.0755 5764 ElbyCDIO - ok
03:19:41.0832 5764 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
03:19:41.0895 5764 elxstor - ok
03:19:41.0975 5764 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
03:19:42.0020 5764 ErrDev - ok
03:19:42.0238 5764 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
03:19:42.0320 5764 exfat - ok
03:19:42.0386 5764 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
03:19:42.0473 5764 fastfat - ok
03:19:42.0690 5764 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
03:19:42.0756 5764 fdc - ok
03:19:42.0818 5764 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
03:19:42.0858 5764 FileInfo - ok
03:19:42.0896 5764 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
03:19:42.0955 5764 Filetrace - ok
03:19:43.0026 5764 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
03:19:43.0077 5764 flpydisk - ok
03:19:43.0213 5764 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
03:19:43.0263 5764 FltMgr - ok
03:19:43.0576 5764 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
03:19:43.0615 5764 FsDepends - ok
03:19:43.0718 5764 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
03:19:43.0751 5764 Fs_Rec - ok
03:19:43.0895 5764 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
03:19:43.0967 5764 fvevol - ok
03:19:44.0017 5764 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:19:44.0057 5764 gagp30kx - ok
03:19:44.0170 5764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:19:44.0226 5764 GEARAspiWDM - ok
03:19:44.0391 5764 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
03:19:44.0498 5764 hcw85cir - ok
03:19:44.0604 5764 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
03:19:44.0691 5764 HdAudAddService - ok
03:19:44.0769 5764 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
03:19:44.0849 5764 HDAudBus - ok
03:19:45.0010 5764 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
03:19:45.0105 5764 HidBatt - ok
03:19:45.0174 5764 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
03:19:45.0235 5764 HidBth - ok
03:19:45.0305 5764 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
03:19:45.0372 5764 HidIr - ok
03:19:45.0529 5764 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
03:19:45.0581 5764 HidUsb - ok
03:19:45.0788 5764 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
03:19:45.0821 5764 HpSAMD - ok
03:19:45.0976 5764 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
03:19:46.0104 5764 HTTP - ok
03:19:46.0185 5764 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
03:19:46.0215 5764 hwpolicy - ok
03:19:46.0337 5764 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
03:19:46.0424 5764 i8042prt - ok
03:19:46.0607 5764 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
03:19:46.0712 5764 iaStorV - ok
03:19:47.0155 5764 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
03:19:47.0527 5764 igfx - ok
03:19:47.0671 5764 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
03:19:47.0714 5764 iirsp - ok
03:19:47.0852 5764 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
03:19:47.0881 5764 intelide - ok
03:19:47.0956 5764 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
03:19:48.0017 5764 intelppm - ok
03:19:48.0095 5764 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:19:48.0174 5764 IpFilterDriver - ok
03:19:48.0296 5764 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
03:19:48.0386 5764 IPMIDRV - ok
03:19:48.0487 5764 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
03:19:48.0570 5764 IPNAT - ok
03:19:48.0710 5764 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
03:19:48.0831 5764 IRENUM - ok
03:19:48.0959 5764 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
03:19:49.0006 5764 isapnp - ok
03:19:49.0083 5764 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
03:19:49.0126 5764 iScsiPrt - ok
03:19:49.0259 5764 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
03:19:49.0294 5764 kbdclass - ok
03:19:49.0377 5764 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
03:19:49.0433 5764 kbdhid - ok
03:19:49.0590 5764 ksaud (9272a8404ce073d1502ad52c5a1024e3) C:\Windows\system32\drivers\ksaud.sys
03:19:49.0749 5764 ksaud - ok
03:19:49.0860 5764 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
03:19:49.0912 5764 KSecDD - ok
03:19:49.0987 5764 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
03:19:50.0026 5764 KSecPkg - ok
03:19:50.0152 5764 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
03:19:50.0244 5764 lltdio - ok
03:19:50.0356 5764 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:19:50.0401 5764 LSI_FC - ok
03:19:50.0435 5764 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:19:50.0469 5764 LSI_SAS - ok
03:19:50.0531 5764 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:19:50.0561 5764 LSI_SAS2 - ok
03:19:50.0633 5764 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:19:50.0671 5764 LSI_SCSI - ok
03:19:50.0756 5764 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
03:19:50.0837 5764 luafv - ok
03:19:50.0971 5764 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
03:19:51.0022 5764 megasas - ok
03:19:51.0088 5764 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
03:19:51.0126 5764 MegaSR - ok
03:19:51.0175 5764 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
03:19:51.0244 5764 Modem - ok
03:19:51.0339 5764 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
03:19:51.0380 5764 monitor - ok
03:19:51.0493 5764 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
03:19:51.0538 5764 mouclass - ok
03:19:51.0630 5764 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
03:19:51.0698 5764 mouhid - ok
03:19:51.0788 5764 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
03:19:51.0845 5764 mountmgr - ok
03:19:52.0010 5764 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
03:19:52.0084 5764 MpFilter - ok
03:19:52.0154 5764 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
03:19:52.0212 5764 mpio - ok
03:19:52.0335 5764 MpKsl35a36c24 - ok
03:19:52.0377 5764 MpKsla651ccff - ok
03:19:52.0387 5764 MpKsld0b5549d - ok
03:19:52.0481 5764 MpKslda6cd211 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B33AB11-3608-4389-B5BA-13D928068001}\MpKslda6cd211.sys
03:19:52.0522 5764 MpKslda6cd211 - ok
03:19:52.0665 5764 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
03:19:52.0717 5764 MpNWMon - ok
03:19:52.0791 5764 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
03:19:52.0871 5764 mpsdrv - ok
03:19:53.0037 5764 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
03:19:53.0101 5764 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
03:19:53.0101 5764 MREMP50 - detected UnsignedFile.Multi.Generic (1)
03:19:53.0138 5764 MREMPR5 - ok
03:19:53.0164 5764 MRENDIS5 - ok
03:19:53.0194 5764 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
03:19:53.0241 5764 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
03:19:53.0241 5764 MRESP50 - detected UnsignedFile.Multi.Generic (1)
03:19:53.0388 5764 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
03:19:53.0443 5764 MRxDAV - ok
03:19:53.0546 5764 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:19:53.0653 5764 mrxsmb - ok
03:19:53.0727 5764 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:19:53.0778 5764 mrxsmb10 - ok
03:19:53.0907 5764 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:19:53.0971 5764 mrxsmb20 - ok
03:19:54.0051 5764 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
03:19:54.0086 5764 msahci - ok
03:19:54.0159 5764 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
03:19:54.0206 5764 msdsm - ok
03:19:54.0312 5764 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
03:19:54.0369 5764 Msfs - ok
03:19:54.0488 5764 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
03:19:54.0562 5764 mshidkmdf - ok
03:19:54.0622 5764 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
03:19:54.0649 5764 msisadrv - ok
03:19:54.0765 5764 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
03:19:54.0864 5764 MSKSSRV - ok
03:19:54.0980 5764 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
03:19:55.0068 5764 MSPCLOCK - ok
03:19:55.0200 5764 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
03:19:55.0277 5764 MSPQM - ok
03:19:55.0333 5764 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
03:19:55.0375 5764 MsRPC - ok
03:19:55.0463 5764 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
03:19:55.0508 5764 mssmbios - ok
03:19:55.0595 5764 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
03:19:55.0667 5764 MSTEE - ok
03:19:55.0798 5764 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
03:19:55.0847 5764 MTConfig - ok
03:19:55.0897 5764 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
03:19:55.0930 5764 Mup - ok
03:19:56.0001 5764 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
03:19:56.0071 5764 NativeWifiP - ok
03:19:56.0163 5764 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
03:19:56.0247 5764 NDIS - ok
03:19:56.0402 5764 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
03:19:56.0479 5764 NdisCap - ok
03:19:56.0547 5764 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
03:19:56.0617 5764 NdisTapi - ok
03:19:56.0700 5764 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
03:19:56.0783 5764 Ndisuio - ok
03:19:56.0973 5764 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
03:19:57.0046 5764 NdisWan - ok
03:19:57.0207 5764 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
03:19:57.0263 5764 NDProxy - ok
03:19:57.0374 5764 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
03:19:57.0438 5764 NetBIOS - ok
03:19:57.0524 5764 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
03:19:57.0630 5764 NetBT - ok
03:19:58.0041 5764 netw5v32 (72466acb50784545689ead2473003cb5) C:\Windows\system32\DRIVERS\netw5v32.sys
03:19:58.0425 5764 netw5v32 - ok
03:19:58.0768 5764 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
03:19:59.0175 5764 NETwLv32 - ok
03:19:59.0289 5764 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
03:19:59.0335 5764 nfrd960 - ok
03:19:59.0406 5764 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
03:19:59.0458 5764 NisDrv - ok
03:19:59.0629 5764 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
03:19:59.0691 5764 NPF - ok
03:19:59.0802 5764 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
03:19:59.0897 5764 Npfs - ok
03:19:59.0950 5764 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
03:20:00.0015 5764 nsiproxy - ok
03:20:00.0123 5764 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
03:20:00.0314 5764 Ntfs - ok
03:20:00.0371 5764 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
03:20:00.0430 5764 Null - ok
03:20:00.0517 5764 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
03:20:00.0557 5764 nvraid - ok
03:20:00.0676 5764 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
03:20:00.0715 5764 nvstor - ok
03:20:00.0801 5764 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
03:20:00.0840 5764 nv_agp - ok
03:20:00.0937 5764 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
03:20:01.0001 5764 ohci1394 - ok
03:20:01.0230 5764 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
03:20:01.0294 5764 Parport - ok
03:20:01.0388 5764 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
03:20:01.0445 5764 partmgr - ok
03:20:01.0499 5764 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
03:20:01.0540 5764 Parvdm - ok
03:20:01.0727 5764 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys
03:20:01.0783 5764 pbfilter - ok
03:20:01.0950 5764 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
03:20:01.0991 5764 pci - ok
03:20:02.0064 5764 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
03:20:02.0090 5764 pciide - ok
03:20:02.0172 5764 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
03:20:02.0216 5764 pcmcia - ok
03:20:02.0264 5764 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
03:20:02.0296 5764 pcw - ok
03:20:02.0443 5764 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
03:20:02.0541 5764 PEAUTH - ok
03:20:02.0696 5764 pgfilter - ok
03:20:02.0980 5764 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
03:20:03.0103 5764 PptpMiniport - ok
03:20:03.0193 5764 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
03:20:03.0251 5764 Processor - ok
03:20:03.0322 5764 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
03:20:03.0399 5764 Psched - ok
03:20:03.0511 5764 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
03:20:03.0617 5764 ql2300 - ok
03:20:03.0769 5764 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
03:20:03.0820 5764 ql40xx - ok
03:20:03.0883 5764 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
03:20:03.0957 5764 QWAVEdrv - ok
03:20:04.0017 5764 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
03:20:04.0090 5764 RasAcd - ok
03:20:04.0163 5764 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:20:04.0245 5764 RasAgileVpn - ok
03:20:04.0422 5764 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:20:04.0514 5764 Rasl2tp - ok
03:20:04.0586 5764 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
03:20:04.0662 5764 RasPppoe - ok
03:20:04.0729 5764 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
03:20:04.0804 5764 RasSstp - ok
03:20:04.0898 5764 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
03:20:04.0984 5764 rdbss - ok
03:20:05.0128 5764 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
03:20:05.0179 5764 rdpbus - ok
03:20:05.0260 5764 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:20:05.0326 5764 RDPCDD - ok
03:20:05.0403 5764 RDPDISPM (3a3a4c256b91276210d3a2faf019313d) C:\Windows\system32\DRIVERS\rdpdispm.sys
03:20:05.0458 5764 RDPDISPM - ok
03:20:05.0541 5764 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
03:20:05.0618 5764 RDPDR - ok
03:20:05.0779 5764 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
03:20:05.0857 5764 RDPENCDD - ok
03:20:05.0912 5764 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
03:20:05.0982 5764 RDPREFMP - ok
03:20:06.0071 5764 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
03:20:06.0170 5764 RdpVideoMiniport - ok
03:20:06.0253 5764 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
03:20:06.0342 5764 RDPWD - ok
03:20:06.0496 5764 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
03:20:06.0546 5764 rdyboost - ok
03:20:06.0676 5764 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
03:20:06.0728 5764 RFCOMM - ok
03:20:06.0789 5764 rimmptsk (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
03:20:06.0862 5764 rimmptsk - ok
03:20:07.0028 5764 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
03:20:07.0110 5764 rimsptsk - ok
03:20:07.0183 5764 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
03:20:07.0247 5764 rismxdp - ok
03:20:07.0469 5764 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
03:20:07.0527 5764 rspndr - ok
03:20:07.0630 5764 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
03:20:07.0737 5764 RTL8023xp - ok
03:20:07.0811 5764 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
03:20:07.0899 5764 s3cap - ok
03:20:08.0045 5764 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
03:20:08.0084 5764 sbp2port - ok
03:20:08.0165 5764 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
03:20:08.0211 5764 scfilter - ok
03:20:08.0319 5764 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
03:20:08.0403 5764 sdbus - ok
03:20:08.0517 5764 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:20:08.0598 5764 secdrv - ok
03:20:08.0734 5764 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
03:20:08.0783 5764 Serenum - ok
03:20:08.0837 5764 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
03:20:08.0918 5764 Serial - ok
03:20:09.0002 5764 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
03:20:09.0049 5764 sermouse - ok
03:20:09.0159 5764 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
03:20:09.0226 5764 sffdisk - ok
03:20:09.0337 5764 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
03:20:09.0377 5764 sffp_mmc - ok
03:20:09.0425 5764 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
03:20:09.0483 5764 sffp_sd - ok
03:20:09.0558 5764 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
03:20:09.0606 5764 sfloppy - ok
03:20:09.0761 5764 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
03:20:09.0797 5764 sisagp - ok
03:20:09.0906 5764 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:20:09.0950 5764 SiSRaid2 - ok
03:20:10.0002 5764 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
03:20:10.0034 5764 SiSRaid4 - ok
03:20:10.0117 5764 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
03:20:10.0181 5764 Smb - ok
03:20:10.0257 5764 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
03:20:10.0285 5764 spldr - ok
03:20:10.0417 5764 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
03:20:10.0511 5764 srv - ok
03:20:10.0620 5764 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
03:20:10.0703 5764 srv2 - ok
03:20:10.0760 5764 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
03:20:10.0801 5764 srvnet - ok
03:20:10.0887 5764 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
03:20:10.0915 5764 stexstor - ok
03:20:11.0041 5764 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
03:20:11.0105 5764 StillCam - ok
03:20:11.0272 5764 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
03:20:11.0324 5764 storflt - ok
03:20:11.0389 5764 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
03:20:11.0431 5764 storvsc - ok
03:20:11.0526 5764 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
03:20:11.0557 5764 swenum - ok
03:20:11.0775 5764 Synth3dVsc - ok
03:20:12.0158 5764 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
03:20:12.0437 5764 Tcpip - ok
03:20:12.0586 5764 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
03:20:12.0653 5764 TCPIP6 - ok
03:20:12.0757 5764 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
03:20:12.0835 5764 tcpipreg - ok
03:20:12.0929 5764 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
03:20:12.0992 5764 TDPIPE - ok
03:20:13.0050 5764 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
03:20:13.0111 5764 TDTCP - ok
03:20:13.0246 5764 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
03:20:13.0331 5764 tdx - ok
03:20:13.0470 5764 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
03:20:13.0549 5764 teamviewervpn - ok
03:20:13.0637 5764 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
03:20:13.0685 5764 TermDD - ok
03:20:13.0831 5764 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:20:13.0893 5764 tssecsrv - ok
03:20:14.0032 5764 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
03:20:14.0138 5764 TsUsbFlt - ok
03:20:14.0226 5764 tsusbhub - ok
03:20:14.0365 5764 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
03:20:14.0465 5764 tunnel - ok
03:20:14.0560 5764 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
03:20:14.0603 5764 uagp35 - ok
03:20:14.0685 5764 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
03:20:14.0758 5764 udfs - ok
03:20:14.0916 5764 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
03:20:14.0956 5764 uliagpkx - ok
03:20:15.0078 5764 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
03:20:15.0147 5764 umbus - ok
03:20:15.0221 5764 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
03:20:15.0275 5764 UmPass - ok
03:20:15.0373 5764 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
03:20:15.0470 5764 USBAAPL - ok
03:20:15.0584 5764 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
03:20:15.0655 5764 usbccgp - ok
03:20:15.0758 5764 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
03:20:15.0800 5764 usbcir - ok
03:20:15.0859 5764 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
03:20:15.0911 5764 usbehci - ok
03:20:16.0019 5764 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
03:20:16.0072 5764 usbhub - ok
03:20:16.0163 5764 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
03:20:16.0205 5764 usbohci - ok
03:20:16.0290 5764 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
03:20:16.0345 5764 usbprint - ok
03:20:16.0421 5764 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
03:20:16.0482 5764 usbscan - ok
03:20:16.0585 5764 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:20:16.0692 5764 USBSTOR - ok
03:20:16.0806 5764 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
03:20:16.0849 5764 usbuhci - ok
03:20:16.0954 5764 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
03:20:17.0004 5764 VClone - ok
03:20:17.0163 5764 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
03:20:17.0210 5764 vdrvroot - ok
03:20:17.0296 5764 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
03:20:17.0356 5764 vga - ok
03:20:17.0548 5764 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
03:20:17.0654 5764 VgaSave - ok
03:20:17.0672 5764 VGPU - ok
03:20:17.0725 5764 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
03:20:17.0769 5764 vhdmp - ok
03:20:17.0888 5764 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
03:20:17.0922 5764 viaagp - ok
03:20:17.0990 5764 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
03:20:18.0040 5764 ViaC7 - ok
03:20:18.0103 5764 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
03:20:18.0169 5764 viaide - ok
03:20:18.0279 5764 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
03:20:18.0326 5764 vmbus - ok
03:20:20.0898 5764 WsAudioDevice_383 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\WsAudioDevice_383.sys
03:20:20.0947 5764 WsAudioDevice_383 ( UnsignedFile.Multi.Generic ) - warning
03:20:20.0947 5764 WsAudioDevice_383 - detected UnsignedFile.Multi.Generic (1)
03:20:27.0213 5764 ============================================================
03:20:27.0213 5764 Scan finished
03:20:27.0214 5764 ============================================================
03:20:27.0236 4476 Detected object count: 4
03:20:27.0236 4476 Actual detected object count: 4
03:21:31.0292 4476 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
03:21:31.0292 4476 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:21:31.0293 4476 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
03:21:31.0293 4476 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:21:31.0296 4476 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
03:21:31.0296 4476 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:21:31.0299 4476 WsAudioDevice_383 ( UnsignedFile.Multi.Generic ) - skipped by user
03:21:31.0299 4476 WsAudioDevice_383 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:22:03.0403 5176 ============================================================
03:22:03.0404 5176 Scan started
03:22:03.0404 5176 Mode: Manual; SigCheck; TDLFS;
03:22:03.0404 5176 ============================================================
03:22:15.0711 5176 ADIHdAudAddService (b28831eb859c6460fdeea602e098d93d) C:\Windows\system32\drivers\ADIHdAud.sys
03:22:15.0744 5176 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - warning
03:22:15.0744 5176 ADIHdAudAddService - detected UnsignedFile.Multi.Generic (1)
03:22:34.0188 5176 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
03:22:34.0219 5176 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
03:22:34.0219 5176 MREMP50 - detected UnsignedFile.Multi.Generic (1)
03:22:34.0229 5176 MREMPR5 - ok
03:22:34.0235 5176 MRENDIS5 - ok
03:22:34.0256 5176 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
03:22:34.0280 5176 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
03:22:34.0280 5176 MRESP50 - detected UnsignedFile.Multi.Generic (1)
03:22:50.0730 5176 teamviewervpn - ok
03:22:50.0890 5176 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
03:22:50.0951 5176 TermDD - ok
03:22:51.0149 5176 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:22:51.0203 5176 tssecsrv - ok
03:22:51.0305 5176 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
03:22:51.0391 5176 TsUsbFlt - ok
03:22:51.0477 5176 tsusbhub - ok
03:22:51.0571 5176 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
03:22:51.0631 5176 tunnel - ok
03:22:51.0711 5176 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
03:22:51.0746 5176 uagp35 - ok
03:22:51.0836 5176 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
03:22:51.0902 5176 udfs - ok
03:22:52.0023 5176 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
03:22:52.0065 5176 uliagpkx - ok
03:22:52.0174 5176 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
03:22:52.0213 5176 umbus - ok
03:22:52.0283 5176 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
03:22:52.0306 5176 UmPass - ok
03:22:52.0413 5176 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
03:22:52.0462 5176 USBAAPL - ok
03:22:52.0546 5176 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
03:22:52.0601 5176 usbccgp - ok
03:22:52.0708 5176 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
03:22:52.0744 5176 usbcir - ok
03:22:52.0799 5176 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
03:22:52.0828 5176 usbehci - ok
03:22:52.0892 5176 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
03:22:52.0937 5176 usbhub - ok
03:22:53.0037 5176 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
03:22:53.0067 5176 usbohci - ok
03:22:53.0119 5176 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
03:22:53.0155 5176 usbprint - ok
03:22:53.0250 5176 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
03:22:53.0297 5176 usbscan - ok
03:22:53.0359 5176 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:22:53.0394 5176 USBSTOR - ok
03:22:53.0457 5176 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
03:22:53.0486 5176 usbuhci - ok
03:22:53.0594 5176 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
03:22:53.0639 5176 VClone - ok
03:22:53.0725 5176 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
03:22:53.0758 5176 vdrvroot - ok
03:22:53.0880 5176 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
03:22:53.0927 5176 vga - ok
03:22:53.0987 5176 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
03:22:54.0039 5176 VgaSave - ok
03:22:54.0276 5176 VGPU - ok
03:22:54.0344 5176 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
03:22:54.0388 5176 vhdmp - ok
03:22:54.0417 5176 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
03:22:54.0454 5176 viaagp - ok
03:22:54.0496 5176 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
03:22:54.0529 5176 ViaC7 - ok
03:22:54.0576 5176 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
03:22:54.0603 5176 viaide - ok
03:22:54.0675 5176 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
03:22:54.0728 5176 vmbus - ok
03:22:54.0801 5176 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
03:22:54.0837 5176 VMBusHID - ok
03:22:54.0919 5176 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
03:22:54.0962 5176 volmgr - ok
03:22:55.0090 5176 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
03:22:55.0138 5176 volmgrx - ok
03:22:55.0243 5176 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
03:22:55.0287 5176 volsnap - ok
03:22:55.0366 5176 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
03:22:55.0404 5176 vsmraid - ok
03:22:55.0495 5176 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
03:22:55.0534 5176 vwifibus - ok
03:22:55.0657 5176 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
03:22:55.0693 5176 WacomPen - ok
03:22:55.0867 5176 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
03:22:55.0925 5176 WANARP - ok
03:22:55.0930 5176 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
03:22:55.0984 5176 Wanarpv6 - ok
03:22:56.0055 5176 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
03:22:56.0083 5176 Wd - ok
03:22:56.0154 5176 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
03:22:56.0203 5176 Wdf01000 - ok
03:22:56.0269 5176 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
03:22:56.0315 5176 WfpLwf - ok
03:22:56.0414 5176 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
03:22:56.0443 5176 WIMMount - ok
03:22:56.0569 5176 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
03:22:56.0621 5176 WinUsb - ok
03:22:56.0678 5176 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
03:22:56.0713 5176 WmiAcpi - ok
03:22:56.0799 5176 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
03:22:56.0872 5176 ws2ifsl - ok
03:22:56.0937 5176 WsAudioDevice_383 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\WsAudioDevice_383.sys
03:22:56.0958 5176 WsAudioDevice_383 ( UnsignedFile.Multi.Generic ) - warning
03:22:56.0958 5176 WsAudioDevice_383 - detected UnsignedFile.Multi.Generic (1)
03:22:57.0068 5176 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
03:22:57.0109 5176 WSDPrintDevice - ok
03:22:57.0237 5176 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
03:22:57.0286 5176 WudfPf - ok
03:22:57.0347 5176 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:22:57.0402 5176 WUDFRd - ok
03:22:57.0454 5176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:22:57.0660 5176 \Device\Harddisk0\DR0 - ok
03:22:57.0667 5176 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
03:22:57.0982 5176 \Device\Harddisk1\DR1 - ok
03:22:57.0989 5176 MBR (0x1B8) (207bc5a2e32c3df18e3a589c894b94b1) \Device\Harddisk2\DR2
03:23:02.0615 5176 \Device\Harddisk2\DR2 - ok
03:23:02.0621 5176 Boot (0x1200) (b63ddeafb3d2c2e5ce68206662afa6dc) \Device\Harddisk0\DR0\Partition0
03:23:02.0623 5176 \Device\Harddisk0\DR0\Partition0 - ok
03:23:02.0630 5176 Boot (0x1200) (d69f3233f56cc8bf791895ce49801bba) \Device\Harddisk1\DR1\Partition0
03:23:02.0632 5176 \Device\Harddisk1\DR1\Partition0 - ok
03:23:02.0634 5176 ============================================================
03:23:02.0634 5176 Scan finished
03:23:02.0634 5176 ============================================================
03:23:02.0652 1324 Detected object count: 4
03:23:02.0652 1324 Actual detected object count: 4
03:23:08.0277 1324 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
03:23:08.0277 1324 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:23:08.0277 1324 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
03:23:08.0278 1324 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:23:08.0284 1324 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
03:23:08.0284 1324 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:23:08.0288 1324 WsAudioDevice_383 ( UnsignedFile.Multi.Generic ) - skipped by user
03:23:08.0290 1324 WsAudioDevice_383 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4 elpage

Posted 05 January 2012 - 06:48 AM

And the other two. Thanks, again!! el page

OTL logfile created on: 1/5/2012 3:26:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Guest PC\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 20.68% Memory free
3.98 Gb Paging File | 1.87 Gb Available in Paging File | 47.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 15.50 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 193.72 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive G: | 29.55 Gb Total Space | 29.55 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: GUEST-PC | User Name: Guest PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 03:26:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
PRC - [2012/01/05 03:18:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
PRC - [2011/12/23 21:00:50 | 011,106,880 | ---- | M] (Ventis Media Inc.) -- C:\Program Files\MediaMonkey\MediaMonkey.exe
PRC - [2011/12/22 08:05:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/14 03:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 03:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 03:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/16 13:21:02 | 001,009,152 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2011/11/16 13:19:42 | 000,066,048 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/10/28 17:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/07/26 21:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/07/26 21:18:24 | 002,495,056 | ---- | M] (Plex, Inc.) -- C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/15 16:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/18 22:45:32 | 000,065,536 | ---- | M] (Edwin Hermann [edwin@www.co.nz]) -- C:\Program Files\Now Playing Tool for OtsAV\Now Playing Tool for OtsAV.exe
PRC - [2010/07/27 01:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/08/28 18:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/31 07:20:48 | 000,581,632 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey\Plugins\f_aac_codec.dll
MOD - [2011/12/23 21:01:52 | 000,842,816 | ---- | M] () -- C:\Program Files\MediaMonkey\UPnP.dll
MOD - [2011/12/23 21:01:40 | 000,222,272 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wma.dll
MOD - [2011/12/23 21:01:38 | 000,164,928 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_vorbis.dll
MOD - [2011/12/23 21:01:36 | 000,333,888 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_wave.dll
MOD - [2011/12/23 21:01:34 | 000,327,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_mpc.dll
MOD - [2011/12/23 21:01:34 | 000,246,848 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_ogg.dll
MOD - [2011/12/23 21:01:30 | 000,326,720 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_ape.dll
MOD - [2011/12/23 21:01:30 | 000,154,176 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_flac.dll
MOD - [2011/12/23 21:01:28 | 000,300,096 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_USBMass1.dll
MOD - [2011/12/23 21:01:26 | 000,399,424 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iRiverH.dll
MOD - [2011/12/23 21:01:18 | 000,378,432 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_WASAPI.dll
MOD - [2011/12/23 21:01:18 | 000,347,712 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_MMDS.dll
MOD - [2011/12/23 21:01:18 | 000,103,488 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wmp3.dll
MOD - [2011/12/23 21:01:16 | 000,265,280 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_MPG.dll
MOD - [2011/12/23 21:01:16 | 000,137,792 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_video.dll
MOD - [2011/12/23 21:01:16 | 000,081,472 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wav.dll
MOD - [2011/12/23 21:01:16 | 000,055,360 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_mfaudio.dll
MOD - [2011/12/23 21:01:14 | 000,391,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_aac.dll
MOD - [2011/12/23 21:01:14 | 000,384,064 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_MP4.dll
MOD - [2011/12/23 21:01:14 | 000,348,736 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_mkv.dll
MOD - [2011/12/23 21:01:14 | 000,306,240 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_AVI.dll
MOD - [2011/12/23 21:01:14 | 000,260,160 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_FLV.dll
MOD - [2011/12/23 21:01:14 | 000,185,408 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_flac_codec.dll
MOD - [2011/12/23 21:01:12 | 001,116,736 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iPhone.dll
MOD - [2011/12/23 21:01:12 | 001,031,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iPod.dll
MOD - [2011/12/23 21:01:12 | 000,407,616 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_WMDM.dll
MOD - [2011/12/23 21:01:10 | 000,054,336 | ---- | M] () -- C:\Program Files\MediaMonkey\MMHelper.dll
MOD - [2011/12/23 21:01:08 | 000,132,160 | ---- | M] () -- C:\Program Files\MediaMonkey\WMAuth.dll
MOD - [2011/12/23 21:01:00 | 000,103,488 | ---- | M] () -- C:\Program Files\MediaMonkey\Equalize.dll
MOD - [2011/12/23 20:55:12 | 000,367,616 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_WMV.dll
MOD - [2011/12/23 20:55:10 | 000,671,744 | ---- | M] () -- C:\Program Files\MediaMonkey\iPhoneCalc.dll
MOD - [2011/12/23 20:54:36 | 000,581,632 | ---- | M] () -- C:\Program Files\MediaMonkey\SQLite3MM.dll
MOD - [2011/12/23 19:04:34 | 000,077,824 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_mpc.dll
MOD - [2011/12/23 19:04:34 | 000,013,824 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_wave.dll
MOD - [2011/12/22 08:05:42 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/17 05:34:12 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/16 13:19:42 | 000,066,048 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
MOD - [2011/11/08 12:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/26 21:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 21:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 21:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 21:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 21:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 21:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 21:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 21:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 21:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 21:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 21:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 21:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 21:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 21:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 21:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 21:19:14 | 000,628,816 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\tag.dll
MOD - [2011/07/26 21:19:10 | 000,526,464 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\sqlite3.dll
MOD - [2011/07/26 21:19:08 | 000,086,608 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2011/07/26 21:19:06 | 000,150,096 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2011/07/26 21:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 21:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 21:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 21:18:34 | 000,373,328 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2011/07/26 21:18:34 | 000,178,256 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2011/07/26 21:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 03:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/16 13:21:02 | 001,009,152 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/10/28 17:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/05/23 05:27:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/07/27 01:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/23 08:40:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/05/23 07:43:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/28 18:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl35a36c24)
DRV - [2012/01/04 18:45:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B33AB11-3608-4389-B5BA-13D928068001}\MpKslda6cd211.sys -- (MpKslda6cd211)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/30 08:07:06 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/10/07 03:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/09/22 15:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/31 10:58:33 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/17 12:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 12:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/15 09:23:00 | 000,899,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/09/07 08:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/06/25 06:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 06:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 EC 07 6F 31 21 CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 EC 07 6F 31 21 CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z011&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {210249CE-F888-11DD-B868-4CB456D89593}:3.0.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:1.99.20110227
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 11:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 08:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 19:29:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 11:15:01 | 000,000,000 | ---D | M]

[2010/04/18 16:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Extensions
[2012/01/04 06:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions
[2012/01/04 06:04:58 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/08/31 03:21:03 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2011/08/11 22:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/11/07 20:33:42 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/11/18 22:02:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/24 07:45:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/24 16:10:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\foxmarks@kei.com
[2011/03/23 07:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\nostmp
[2011/12/17 09:31:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\piclens@cooliris.com
[2011/12/18 09:52:24 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com
[2011/12/02 06:32:02 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\video.downloader.plugin@ffpimp.com
[2010/07/16 08:05:24 | 000,001,832 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\bing.xml
[2010/12/16 17:12:47 | 000,002,246 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\google--nibbo.xml
[2011/06/16 22:48:03 | 000,005,117 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\search.xml
[2010/11/29 20:52:26 | 000,004,140 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\youtube.xml
[2011/11/25 10:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{19D3B002-1AD1-4A69-A5B3-AA98773DBB86}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011/12/22 08:05:43 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 20:58:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 09:05:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - Startup: C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF87322-DFA9-4567-BA65-F1C56DD284C8}: DhcpNameServer = 192.168.1.1 68.238.64.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 03:26:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
[2012/01/05 03:18:32 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
[2012/01/04 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\Plex Media Server
[2012/01/04 17:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2012/01/04 17:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2012/01/04 15:57:58 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Desktop\gmer
[2012/01/04 15:39:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Guest PC\Desktop\dds.com
[2012/01/04 07:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012/01/04 07:30:23 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\thekiss.com
[2011/12/31 08:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TVMOBiLi
[2011/12/31 08:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\TVMOBiLi
[2011/12/29 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioDJ
[2011/12/29 09:01:51 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ots Labs
[2011/12/29 08:36:34 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\Conceiva
[2011/12/29 08:08:03 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey
[2011/12/29 08:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2011/12/29 01:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/12/28 07:55:35 | 004,200,024 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2011/12/28 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/12/26 23:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/26 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/12/22 19:30:01 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/12/22 19:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/12/22 19:29:25 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Winamp
[2011/12/22 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/12/18 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Documents\Downloads
[2011/12/18 09:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)
[2011/12/18 09:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/12/18 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Foxit Software
[2011/12/18 08:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\foxit software
[2011/12/17 09:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/17 09:02:22 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Nitro PDF
[2011/12/17 08:57:19 | 000,026,400 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011/12/17 08:57:19 | 000,017,696 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011/12/17 08:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/12/17 08:51:26 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Downloaded Installations
[2011/12/15 03:04:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:04:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:04:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:04:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:04:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:04:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 16:33:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 16:33:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 16:33:28 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 16:33:27 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 16:33:25 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 16:33:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/11 10:47:00 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\PFStaticIP
[2011/12/11 08:09:41 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\AVG
[2011/12/11 08:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/11 07:54:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/11 07:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/11 07:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/11 07:30:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/11 06:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 03:26:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
[2012/01/05 03:18:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
[2012/01/04 18:04:55 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 18:04:55 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 18:01:46 | 000,631,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/04 18:01:46 | 000,109,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/04 17:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 17:56:36 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 15:57:23 | 000,294,216 | ---- | M] () -- C:\Users\Guest PC\Desktop\gmer.zip
[2012/01/04 15:39:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Guest PC\Desktop\dds.com
[2012/01/04 15:38:45 | 000,000,000 | ---- | M] () -- C:\Users\Guest PC\defogger_reenable
[2012/01/04 15:38:03 | 000,050,477 | ---- | M] () -- C:\Users\Guest PC\Desktop\Defogger.exe
[2012/01/04 07:45:48 | 000,001,105 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/01/04 07:45:48 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/01/04 07:30:36 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\thekiss.com
[2012/01/04 07:19:52 | 001,008,141 | ---- | M] () -- C:\Users\Guest PC\Desktop\WiNlOgOn.exe
[2012/01/04 07:10:38 | 000,001,560 | ---- | M] () -- C:\Users\Guest PC\Desktop\iExplore.exe.lnk
[2011/12/31 08:46:29 | 000,002,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk
[2011/12/31 08:46:29 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\TVMOBiLi.lnk
[2011/12/29 08:32:13 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/29 08:08:03 | 000,001,023 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk
[2011/12/29 01:27:31 | 000,064,000 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 20:38:44 | 003,790,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/28 07:55:08 | 000,000,120 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/12/28 07:28:11 | 000,007,608 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\Resmon.ResmonCfg
[2011/12/28 06:23:36 | 000,001,095 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/26 23:49:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/25 12:34:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HP_192.168.0.137_CN08SC23C705H5
[2011/12/22 19:30:01 | 000,000,965 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/12/22 08:06:26 | 000,002,002 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/17 09:56:16 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/16 07:12:22 | 000,000,132 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/16 07:09:08 | 000,001,456 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 15:57:21 | 000,294,216 | ---- | C] () -- C:\Users\Guest PC\Desktop\gmer.zip
[2012/01/04 15:38:45 | 000,000,000 | ---- | C] () -- C:\Users\Guest PC\defogger_reenable
[2012/01/04 15:37:48 | 000,050,477 | ---- | C] () -- C:\Users\Guest PC\Desktop\Defogger.exe
[2012/01/04 07:45:48 | 000,001,105 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/01/04 07:45:48 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/01/04 07:19:45 | 001,008,141 | ---- | C] () -- C:\Users\Guest PC\Desktop\WiNlOgOn.exe
[2012/01/04 07:03:14 | 000,001,560 | ---- | C] () -- C:\Users\Guest PC\Desktop\iExplore.exe.lnk
[2011/12/31 08:46:29 | 000,002,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk
[2011/12/31 08:46:29 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\TVMOBiLi.lnk
[2011/12/29 08:08:03 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk
[2011/12/29 01:44:42 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/28 07:28:11 | 000,007,608 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\Resmon.ResmonCfg
[2011/12/28 06:23:36 | 000,001,095 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/26 23:49:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/26 23:49:02 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/25 12:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HP_192.168.0.137_CN08SC23C705H5
[2011/12/22 19:30:01 | 000,000,965 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 19:44:28 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/10/20 10:19:00 | 000,000,132 | ---- | C] () -- C:\Users\Guest PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/20 09:25:37 | 000,001,456 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/19 11:03:21 | 000,000,058 | ---- | C] () -- C:\Windows\DPHPedit.INI
[2011/10/15 17:29:04 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/10/15 17:07:28 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/11 05:51:44 | 000,000,600 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\PUTTY.RND
[2011/09/10 10:49:50 | 000,000,600 | ---- | C] () -- C:\Users\Guest PC\AppData\Roaming\winscp.rnd
[2011/07/10 08:36:55 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/07/09 11:06:50 | 000,205,815 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/04 15:35:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/30 05:44:57 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/06 23:17:20 | 000,200,416 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/24 06:02:26 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/20 09:35:26 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/20 09:31:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/11 18:09:18 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/29 14:58:55 | 000,000,110 | ---- | C] () -- C:\Windows\edcast_aacp.ini
[2011/03/19 10:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/28 07:49:34 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/02/28 07:49:34 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/02/08 21:16:22 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/12/26 06:02:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/26 06:02:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/26 06:02:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/26 06:02:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/26 06:02:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/11 12:05:30 | 000,064,000 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/16 16:22:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/23 08:45:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2010/05/23 08:45:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2010/05/23 08:45:52 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2010/05/23 08:45:52 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2010/05/23 08:45:52 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2010/05/23 08:45:52 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2010/05/23 08:45:52 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2010/05/23 08:45:52 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2010/05/23 08:45:52 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2010/05/23 08:45:52 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2010/05/23 08:02:44 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/05/23 08:02:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/05/23 07:48:23 | 000,033,327 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/05/23 07:48:23 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/05/23 07:48:21 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfgks150plus.ini
[2010/05/23 07:48:21 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks50.ini
[2010/05/23 07:48:20 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2010/05/23 07:48:20 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfgks500.ini
[2010/05/23 07:48:20 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfgks550.ini
[2010/05/23 07:48:20 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfgks150.ini
[2010/05/23 07:48:20 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfgks200.ini
[2010/05/23 07:48:19 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks100.ini
[2010/05/23 07:48:02 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2010/01/29 13:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 003,790,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,631,692 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,109,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001/08/06 19:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 1/5/2012 3:26:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Guest PC\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 20.68% Memory free
3.98 Gb Paging File | 1.87 Gb Available in Paging File | 47.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 15.50 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 193.72 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive G: | 29.55 Gb Total Space | 29.55 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: GUEST-PC | User Name: Guest PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OtsPlay.exe" "%1" /play /surf ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FE4745-FF95-4746-A817-70CD06AAE8B8}" = Plex Media Server
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1" = Folder Size 1.9.5.0
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6237936D-B108-84CD-5A75-1F28210A597B}" = ATI Catalyst Install Manager
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime (Drop Down Deals) 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93A038DC-5F4C-4463-9847-E184E74951B6}" = Digital Cable Advisor
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AB67B5F9-B19A-42F4-A57D-46114D71060E}" = Intel® PROSet/Wireless WiFi Software
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B3E7DD3D-1806-4317-89CF-4BCC7823B775}" = Acid Rane
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Any Video Converter_is1" = Any Video Converter 3.3.1
"AudioCS" = Creative Audio Control Panel
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Console Launcher" = Creative Console Launcher
"Creative Entertainment Center" = Creative Entertainment Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Creative Volume Panel" = Volume Panel
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DtsFilter" = DTS+AC3 Filter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.2
"HandBrake" = HandBrake 0.9.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"Host OpenAL" = Host OpenAL
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NirSoft ShellExView" = NirSoft ShellExView
"Notepad++" = Notepad++
"Now Playing Tool for OtsAV_is1" = Now Playing Tool for OtsAV 2.3.0
"Ots Studio" = Ots Studio 1.01.005
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"RadioDJ_is1" = RadioDJ
"Remote Control System" = Remote Control System
"SCDNAS" = SHOUTcast DNAS (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"Spotify" = Spotify
"SysInfo" = Creative System Information
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"tvMobili" = tvMobili
"URLSnooper 2_is1" = URL Snooper v2.29.01
"uTorrent" = µTorrent
"Verizon Help and Support" = Verizon Help and Support Tool
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"VueScan" = VueScan
"WampServer 2_is1" = WampServer 2.2
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2012 10:09:16 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = 636: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2012 10:20:24 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2012 10:20:24 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = 636: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2012 10:22:40 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2012 10:22:40 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = 636: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2012 10:46:21 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2012 10:46:21 PM | Computer Name = GUEST-PC | Source = Bonjour Service | ID = 100
Description = 636: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2012 10:58:05 PM | Computer Name = Guest-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TeamViewer_Service.exe, version: 7.0.12313.0,
time stamp: 0x4ee88f90 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000e6b Faulting process id:
0x940 Faulting application start time: 0x01cccb4d5eb9eff6 Faulting application path:
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe Faulting module path:
unknown Report Id: 165a2b0e-3749-11e1-b574-0016cee18458

Error - 1/5/2012 4:35:45 AM | Computer Name = Guest-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\cisco systems\cisco
connect\Drivers\Sxcsapi64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/5/2012 4:37:15 AM | Computer Name = Guest-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ Media Center Events ]
Error - 11/19/2010 12:46:21 AM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 6:45:54 PM - Error connecting to the internet. 6:45:54 PM - Unable
to contact server..

Error - 11/19/2010 12:48:54 PM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 6:48:54 AM - Error connecting to the internet. 6:48:54 AM - Unable
to contact server..

Error - 11/19/2010 12:49:05 PM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 6:48:59 AM - Error connecting to the internet. 6:48:59 AM - Unable
to contact server..

Error - 11/20/2010 12:46:50 AM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 6:46:50 PM - Error connecting to the internet. 6:46:50 PM - Unable
to contact server..

Error - 11/20/2010 12:47:03 AM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 6:46:55 PM - Error connecting to the internet. 6:46:55 PM - Unable
to contact server..

Error - 11/20/2010 5:12:39 PM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 11:12:38 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 1/6/2011 12:43:06 AM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 8:43:03 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 1/7/2011 1:35:22 AM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 9:35:21 PM - Error connecting to the internet. 9:35:22 PM - Unable
to contact server..

Error - 1/7/2011 1:35:33 AM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 9:35:27 PM - Error connecting to the internet. 9:35:27 PM - Unable
to contact server..

Error - 5/18/2011 5:17:55 PM | Computer Name = Guest-PC | Source = MCUpdate | ID = 0
Description = 2:17:49 PM - Error connecting to the internet. 2:17:49 PM - Unable
to contact server..

[ OSession Events ]
Error - 5/11/2011 9:45:55 AM | Computer Name = Guest-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5607
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 6/16/2011 10:03:17 AM | Computer Name = Guest-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 87982
seconds with 1080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/4/2012 12:04:46 AM | Computer Name = Guest-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/4/2012 5:30:33 AM | Computer Name = Guest-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 1/4/2012 12:07:27 PM | Computer Name = Guest-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 9:57:03 PM | Computer Name = Guest-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:54:58 PM on ?1/?4/?2012 was unexpected.

Error - 1/4/2012 9:57:17 PM | Computer Name = GUEST-PC | Source = BugCheck | ID = 1001
Description =

Error - 1/4/2012 9:57:07 PM | Computer Name = Guest-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 9:57:10 PM | Computer Name = Guest-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 9:57:20 PM | Computer Name = Guest-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 9:57:33 PM | Computer Name = Guest-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/4/2012 10:58:33 PM | Computer Name = Guest-PC | Source = Service Control Manager | ID = 7031
Description = The TeamViewer 7 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 2000 milliseconds:
Restart the service.


< End of report >

#5 SweetTech

Posted 05 January 2012 - 08:45 AM

Hi elpage!

I need to have you run OTL again using a special custom scan script.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    ADIHdAud.sys
    MREMP50.SYS
    MRESP50.SYS
    WsAudioDevice_383.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    %WinDir%\$NtUninstallKB*$. /90
    c:\windows\$NtUninstallKB*$\*.* /s
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 elpage


Posted 05 January 2012 - 11:44 AM

OK, ST. Here are the results. The only strange thing is that ComboFix says that I have avast! Antivirus on my computer when I ran the program. I don't. I tried to remove whatever is there by trying AppRemover both as a program and failed uninstall but it found nothing. Again, thanks for your help in this!! el page

OTL logfile created on: 1/5/2012 7:07:15 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Guest PC\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.56% Memory free
3.98 Gb Paging File | 2.07 Gb Available in Paging File | 51.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 15.43 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 193.72 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
Drive G: | 29.55 Gb Total Space | 29.55 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: GUEST-PC | User Name: Guest PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 03:26:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
PRC - [2011/12/23 21:00:50 | 011,106,880 | ---- | M] (Ventis Media Inc.) -- C:\Program Files\MediaMonkey\MediaMonkey.exe
PRC - [2011/12/22 08:05:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/14 03:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 03:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 03:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/16 13:21:02 | 001,009,152 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2011/11/16 13:19:42 | 000,066,048 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/10/28 17:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe
PRC - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/12/31 09:40:06 | 001,169,920 | ---- | M] (Aestan Software) -- C:\wamp\wampmanager.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/18 22:45:32 | 000,065,536 | ---- | M] (Edwin Hermann [edwin@www.co.nz]) -- C:\Program Files\Now Playing Tool for OtsAV\Now Playing Tool for OtsAV.exe
PRC - [2010/07/27 01:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/08/28 18:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/31 07:20:48 | 000,581,632 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey\Plugins\f_aac_codec.dll
MOD - [2011/12/23 21:01:52 | 000,842,816 | ---- | M] () -- C:\Program Files\MediaMonkey\UPnP.dll
MOD - [2011/12/23 21:01:40 | 000,222,272 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wma.dll
MOD - [2011/12/23 21:01:38 | 000,164,928 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_vorbis.dll
MOD - [2011/12/23 21:01:36 | 000,333,888 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_wave.dll
MOD - [2011/12/23 21:01:34 | 000,327,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_mpc.dll
MOD - [2011/12/23 21:01:34 | 000,246,848 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_ogg.dll
MOD - [2011/12/23 21:01:30 | 000,326,720 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_ape.dll
MOD - [2011/12/23 21:01:30 | 000,154,176 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_flac.dll
MOD - [2011/12/23 21:01:28 | 000,300,096 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_USBMass1.dll
MOD - [2011/12/23 21:01:26 | 000,399,424 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iRiverH.dll
MOD - [2011/12/23 21:01:18 | 000,378,432 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_WASAPI.dll
MOD - [2011/12/23 21:01:18 | 000,347,712 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_MMDS.dll
MOD - [2011/12/23 21:01:18 | 000,103,488 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wmp3.dll
MOD - [2011/12/23 21:01:16 | 000,265,280 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_MPG.dll
MOD - [2011/12/23 21:01:16 | 000,137,792 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_video.dll
MOD - [2011/12/23 21:01:16 | 000,081,472 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wav.dll
MOD - [2011/12/23 21:01:16 | 000,055,360 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_mfaudio.dll
MOD - [2011/12/23 21:01:14 | 000,391,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_aac.dll
MOD - [2011/12/23 21:01:14 | 000,384,064 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_MP4.dll
MOD - [2011/12/23 21:01:14 | 000,348,736 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_mkv.dll
MOD - [2011/12/23 21:01:14 | 000,306,240 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_AVI.dll
MOD - [2011/12/23 21:01:14 | 000,260,160 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_FLV.dll
MOD - [2011/12/23 21:01:14 | 000,185,408 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_flac_codec.dll
MOD - [2011/12/23 21:01:12 | 001,116,736 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iPhone.dll
MOD - [2011/12/23 21:01:12 | 001,031,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iPod.dll
MOD - [2011/12/23 21:01:12 | 000,407,616 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_WMDM.dll
MOD - [2011/12/23 21:01:10 | 000,054,336 | ---- | M] () -- C:\Program Files\MediaMonkey\MMHelper.dll
MOD - [2011/12/23 21:01:08 | 000,132,160 | ---- | M] () -- C:\Program Files\MediaMonkey\WMAuth.dll
MOD - [2011/12/23 21:01:00 | 000,103,488 | ---- | M] () -- C:\Program Files\MediaMonkey\Equalize.dll
MOD - [2011/12/23 20:55:12 | 000,367,616 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_WMV.dll
MOD - [2011/12/23 20:55:10 | 000,671,744 | ---- | M] () -- C:\Program Files\MediaMonkey\iPhoneCalc.dll
MOD - [2011/12/23 20:54:36 | 000,581,632 | ---- | M] () -- C:\Program Files\MediaMonkey\SQLite3MM.dll
MOD - [2011/12/23 19:04:34 | 000,077,824 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_mpc.dll
MOD - [2011/12/23 19:04:34 | 000,013,824 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_wave.dll
MOD - [2011/12/22 08:05:42 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/17 05:34:12 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/16 13:19:42 | 000,066,048 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
MOD - [2011/11/08 12:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 03:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/16 13:21:02 | 001,009,152 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/10/28 17:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Running] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/05/23 05:27:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/07/27 01:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/23 08:40:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/05/23 07:43:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/28 18:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/01/05 05:18:30 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E28F2C4E-BFC3-4432-A7EC-8BCBD88CFF4D}\MpKsl4dd6f82d.sys -- (MpKsl4dd6f82d)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/30 08:07:06 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/10/07 03:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/09/22 15:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/31 10:58:33 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/17 12:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 12:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/15 09:23:00 | 000,899,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/09/07 08:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/06/25 06:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 06:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 EC 07 6F 31 21 CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 EC 07 6F 31 21 CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z011&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {210249CE-F888-11DD-B868-4CB456D89593}:3.0.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:1.99.20110227
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 11:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 08:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 19:29:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 11:15:01 | 000,000,000 | ---D | M]

[2010/04/18 16:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Extensions
[2012/01/05 04:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions
[2012/01/04 06:04:58 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/08/31 03:21:03 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2011/08/11 22:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/11/07 20:33:42 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/11/18 22:02:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/24 07:45:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/24 16:10:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\foxmarks@kei.com
[2011/03/23 07:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\nostmp
[2011/12/17 09:31:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\piclens@cooliris.com
[2011/12/18 09:52:24 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com
[2011/12/02 06:32:02 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\video.downloader.plugin@ffpimp.com
[2010/07/16 08:05:24 | 000,001,832 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\bing.xml
[2010/12/16 17:12:47 | 000,002,246 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\google--nibbo.xml
[2011/06/16 22:48:03 | 000,005,117 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\search.xml
[2010/11/29 20:52:26 | 000,004,140 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\youtube.xml
[2011/11/25 10:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{19D3B002-1AD1-4A69-A5B3-AA98773DBB86}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011/12/22 08:05:43 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 20:58:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 09:05:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - Startup: C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1058434613-1767177230-3604328015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF87322-DFA9-4567-BA65-F1C56DD284C8}: DhcpNameServer = 192.168.1.1 68.238.64.12
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^Guest PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ALLUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CoolStartUp - hkey= - key= - File not found
MsConfig - StartUpReg: Creative SB Monitoring Utility - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IJNetworkScannerSelectorEX - hkey= - key= - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Module Loader - hkey= - key= - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: MusicManager - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig - StartUpReg: {0228e555-4f9c-4e35-a3ec-b109a192b4c2} - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {238F4EFF-E82D-6079-97D6-34E25D4F5781} - Themes Setup
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 04:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[2012/01/05 04:44:52 | 025,476,564 | ---- | C] (Hervé Leclerc (HeL) ) -- C:\Users\Guest PC\Desktop\WampServer2.2a-x32.exe
[2012/01/05 03:26:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
[2012/01/05 03:18:32 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
[2012/01/04 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\Plex Media Server
[2012/01/04 17:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2012/01/04 17:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2012/01/04 15:57:58 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Desktop\gmer
[2012/01/04 15:39:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Guest PC\Desktop\dds.com
[2012/01/04 07:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012/01/04 07:30:23 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\thekiss.com
[2011/12/31 08:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TVMOBiLi
[2011/12/31 08:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\TVMOBiLi
[2011/12/29 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioDJ
[2011/12/29 09:01:51 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ots Labs
[2011/12/29 08:36:34 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\Conceiva
[2011/12/29 08:08:03 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey
[2011/12/29 08:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2011/12/29 01:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/12/28 07:55:35 | 004,200,024 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2011/12/28 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/12/26 23:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/26 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/12/22 19:30:01 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/12/22 19:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/12/22 19:29:25 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Winamp
[2011/12/22 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/12/18 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Documents\Downloads
[2011/12/18 09:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)
[2011/12/18 09:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/12/18 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Foxit Software
[2011/12/18 08:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\foxit software
[2011/12/17 09:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/17 09:02:22 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Nitro PDF
[2011/12/17 08:57:19 | 000,026,400 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011/12/17 08:57:19 | 000,017,696 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011/12/17 08:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/12/17 08:51:26 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Downloaded Installations
[2011/12/15 03:04:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:04:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:04:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:04:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:04:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:04:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 16:33:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 16:33:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 16:33:28 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 16:33:27 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 16:33:25 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 16:33:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/11 10:47:00 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\PFStaticIP
[2011/12/11 08:09:41 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\AVG
[2011/12/11 08:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/11 07:54:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/11 07:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/11 07:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/11 07:30:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/11 06:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/05 05:13:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 05:13:49 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 05:10:50 | 000,631,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/05 05:10:50 | 000,109,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/05 05:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 05:06:00 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 04:46:00 | 025,476,564 | ---- | M] (Hervé Leclerc (HeL) ) -- C:\Users\Guest PC\Desktop\WampServer2.2a-x32.exe
[2012/01/05 03:26:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
[2012/01/05 03:18:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
[2012/01/04 15:57:23 | 000,294,216 | ---- | M] () -- C:\Users\Guest PC\Desktop\gmer.zip
[2012/01/04 15:39:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Guest PC\Desktop\dds.com
[2012/01/04 15:38:45 | 000,000,000 | ---- | M] () -- C:\Users\Guest PC\defogger_reenable
[2012/01/04 15:38:03 | 000,050,477 | ---- | M] () -- C:\Users\Guest PC\Desktop\Defogger.exe
[2012/01/04 07:45:48 | 000,001,105 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/01/04 07:45:48 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/01/04 07:30:36 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\thekiss.com
[2012/01/04 07:19:52 | 001,008,141 | ---- | M] () -- C:\Users\Guest PC\Desktop\WiNlOgOn.exe
[2012/01/04 07:10:38 | 000,001,560 | ---- | M] () -- C:\Users\Guest PC\Desktop\iExplore.exe.lnk
[2011/12/31 08:46:29 | 000,002,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk
[2011/12/31 08:46:29 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\TVMOBiLi.lnk
[2011/12/29 08:32:13 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/29 08:08:03 | 000,001,023 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk
[2011/12/29 01:27:31 | 000,064,000 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 20:38:44 | 003,790,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/28 07:55:08 | 000,000,120 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/12/28 07:28:11 | 000,007,608 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\Resmon.ResmonCfg
[2011/12/28 06:23:36 | 000,001,095 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/26 23:49:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/25 12:34:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HP_192.168.0.137_CN08SC23C705H5
[2011/12/22 19:30:01 | 000,000,965 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/12/22 08:06:26 | 000,002,002 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/17 09:56:16 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/16 07:12:22 | 000,000,132 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/16 07:09:08 | 000,001,456 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/04 15:57:21 | 000,294,216 | ---- | C] () -- C:\Users\Guest PC\Desktop\gmer.zip
[2012/01/04 15:38:45 | 000,000,000 | ---- | C] () -- C:\Users\Guest PC\defogger_reenable
[2012/01/04 15:37:48 | 000,050,477 | ---- | C] () -- C:\Users\Guest PC\Desktop\Defogger.exe
[2012/01/04 07:45:48 | 000,001,105 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/01/04 07:45:48 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/01/04 07:19:45 | 001,008,141 | ---- | C] () -- C:\Users\Guest PC\Desktop\WiNlOgOn.exe
[2012/01/04 07:03:14 | 000,001,560 | ---- | C] () -- C:\Users\Guest PC\Desktop\iExplore.exe.lnk
[2011/12/31 08:46:29 | 000,002,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk
[2011/12/31 08:46:29 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\TVMOBiLi.lnk
[2011/12/29 08:08:03 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk
[2011/12/29 01:44:42 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/28 07:28:11 | 000,007,608 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\Resmon.ResmonCfg
[2011/12/28 06:23:36 | 000,001,095 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/26 23:49:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/26 23:49:02 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/25 12:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HP_192.168.0.137_CN08SC23C705H5
[2011/12/22 19:30:01 | 000,000,965 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 19:44:28 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/10/20 10:19:00 | 000,000,132 | ---- | C] () -- C:\Users\Guest PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/20 09:25:37 | 000,001,456 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/19 11:03:21 | 000,000,058 | ---- | C] () -- C:\Windows\DPHPedit.INI
[2011/10/15 17:29:04 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/10/15 17:07:28 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/11 05:51:44 | 000,000,600 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\PUTTY.RND
[2011/09/10 10:49:50 | 000,000,600 | ---- | C] () -- C:\Users\Guest PC\AppData\Roaming\winscp.rnd
[2011/07/10 08:36:55 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/07/09 11:06:50 | 000,205,815 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/04 15:35:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/30 05:44:57 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/06 23:17:20 | 000,200,416 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/24 06:02:26 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/20 09:35:26 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/20 09:31:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/11 18:09:18 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/29 14:58:55 | 000,000,110 | ---- | C] () -- C:\Windows\edcast_aacp.ini
[2011/03/19 10:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/28 07:49:34 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/02/28 07:49:34 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/02/08 21:16:22 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/12/26 06:02:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/26 06:02:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/26 06:02:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/26 06:02:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/26 06:02:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/11 12:05:30 | 000,064,000 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/16 16:22:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/23 08:45:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2010/05/23 08:45:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2010/05/23 08:45:52 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2010/05/23 08:45:52 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2010/05/23 08:45:52 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2010/05/23 08:45:52 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2010/05/23 08:45:52 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2010/05/23 08:45:52 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2010/05/23 08:45:52 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2010/05/23 08:45:52 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2010/05/23 08:02:44 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/05/23 08:02:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/05/23 07:48:23 | 000,033,327 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/05/23 07:48:23 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/05/23 07:48:21 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfgks150plus.ini
[2010/05/23 07:48:21 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks50.ini
[2010/05/23 07:48:20 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2010/05/23 07:48:20 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfgks500.ini
[2010/05/23 07:48:20 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfgks550.ini
[2010/05/23 07:48:20 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfgks150.ini
[2010/05/23 07:48:20 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfgks200.ini
[2010/05/23 07:48:19 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks100.ini
[2010/05/23 07:48:02 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2010/01/29 13:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 003,790,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,631,692 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,109,636 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001/08/06 19:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ADIHDAUD.SYS >
[2006/08/16 11:04:18 | 000,355,328 | ---- | M] (Analog Devices, Inc.) MD5=7EE1D799B9528C23CF9AACCF8F56145F -- C:\Drivers\WIN\AUDIO\amd64\Vista\ADIHdAud.sys
[2006/09/19 11:00:00 | 000,298,496 | ---- | M] (Analog Devices, Inc.) MD5=B28831EB859C6460FDEEA602E098D93D -- C:\Drivers\WIN\AUDIO\i386\Vista\ADIHdAud.sys
[2006/09/19 11:00:00 | 000,298,496 | ---- | M] (Analog Devices, Inc.) MD5=B28831EB859C6460FDEEA602E098D93D -- C:\Windows\System32\drivers\ADIHdAud.sys
[2006/09/19 11:00:00 | 000,298,496 | ---- | M] (Analog Devices, Inc.) MD5=B28831EB859C6460FDEEA602E098D93D -- C:\Windows\System32\DriverStore\FileRepository\adihdaud.inf_x86_neutral_5e305ece6d3b6f79\ADIHdAud.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX2\h\explorer.exe

< MD5 for: MREMP50.SYS >
[2010/03/17 12:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=9BD4DCB5412921864A7AACDEDFBD1923 -- C:\Program Files\Common Files\Motive\MREMP50.sys

< MD5 for: MRESP50.SYS >
[2010/03/17 12:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=07C02C892E8E1A72D6BF35004F0E9C5E -- C:\Program Files\Common Files\Motive\MRESP50.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 04:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 04:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 04:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/04 07:19:52 | 001,008,141 | ---- | M] () MD5=28C253A0212B221E96F6A17499B91651 -- C:\Users\Guest PC\Desktop\WiNlOgOn.exe
[2009/10/27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Guest PC\AppData\Local\Temp\RarSFX2\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSAUDIODEVICE_383.SYS >
[2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) MD5=85ECE26F326C2D07BA77A60343468272 -- C:\Windows\System32\drivers\WsAudioDevice_383.sys
[2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) MD5=85ECE26F326C2D07BA77A60343468272 -- C:\Windows\System32\DriverStore\FileRepository\virtualaudio.inf_x86_neutral_181b147ce304744c\WsAudioDevice_383.sys

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/22 08:05:41 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/22 08:05:41 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/22 08:05:41 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/22 08:05:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< %WinDir%\$NtUninstallKB*$. /90 >

< c:\windows\$NtUninstallKB*$\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

ComboFix 12-01-05.01 - Guest PC 01/05/2012 8:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.1010 [GMT -8:00]
Running from: c:\users\Guest PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Guest PC\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB55329$
c:\windows\$NtUninstallKB55329$\2021878779
c:\windows\$NtUninstallKB55329$\3889709049\@
c:\windows\$NtUninstallKB55329$\3889709049\bckfg.tmp
c:\windows\$NtUninstallKB55329$\3889709049\cfg.ini
c:\windows\$NtUninstallKB55329$\3889709049\Desktop.ini
c:\windows\$NtUninstallKB55329$\3889709049\keywords
c:\windows\$NtUninstallKB55329$\3889709049\kwrd.dll
c:\windows\$NtUninstallKB55329$\3889709049\L\xadqgnnk
c:\windows\$NtUninstallKB55329$\3889709049\lsflt7.ver
c:\windows\$NtUninstallKB55329$\3889709049\U\00000001.@
c:\windows\$NtUninstallKB55329$\3889709049\U\00000002.@
c:\windows\$NtUninstallKB55329$\3889709049\U\00000004.@
c:\windows\$NtUninstallKB55329$\3889709049\U\80000000.@
c:\windows\$NtUninstallKB55329$\3889709049\U\80000004.@
c:\windows\$NtUninstallKB55329$\3889709049\U\80000032.@
c:\windows\system32\tmp8084.tmp
c:\windows\system32\tmp80C4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 16:20 . 2012-01-05 16:24 -------- d-----w- c:\users\Guest PC\AppData\Local\temp
2012-01-05 16:20 . 2012-01-05 16:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-05 16:20 . 2012-01-05 16:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-05 16:20 . 2012-01-05 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 16:20 . 2012-01-05 16:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-05 16:20 . 2012-01-05 16:20 -------- d-----w- c:\users\Administrator.Guest-PC\AppData\Local\temp
2012-01-05 16:04 . 2012-01-05 16:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E28F2C4E-BFC3-4432-A7EC-8BCBD88CFF4D}\offreg.dll
2012-01-05 16:02 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-01-05 13:18 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E28F2C4E-BFC3-4432-A7EC-8BCBD88CFF4D}\mpengine.dll
2012-01-05 01:53 . 2012-01-05 02:09 -------- d-----w- c:\users\Guest PC\AppData\Local\Plex Media Server
2012-01-05 01:51 . 2012-01-05 01:51 -------- d-----w- c:\program files\Plex
2012-01-04 15:44 . 2012-01-04 15:44 -------- d-----w- c:\program files\Runtime Software
2012-01-04 15:08 . 2012-01-04 15:08 -------- d-----w- c:\users\Administrator.Guest-PC\AppData\Local\MediaMonkey
2012-01-04 15:08 . 2012-01-04 15:09 -------- d-----w- c:\users\Administrator.Guest-PC\AppData\Roaming\MediaMonkey
2011-12-31 16:46 . 2012-01-05 16:22 -------- d-----w- c:\programdata\TVMOBiLi
2011-12-31 16:46 . 2011-12-31 16:46 -------- d-----w- c:\program files\TVMOBiLi
2011-12-29 16:36 . 2011-12-29 16:36 -------- d-----w- c:\users\Guest PC\AppData\Local\Conceiva
2011-12-29 16:08 . 2012-01-05 16:03 -------- d-----w- c:\users\Guest PC\AppData\Roaming\MediaMonkey
2011-12-29 16:07 . 2011-12-29 16:07 -------- d-----w- c:\programdata\MediaMonkey
2011-12-29 09:34 . 2006-07-12 04:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-29 09:15 . 2011-12-29 09:23 -------- d-----w- c:\program files\Samsung
2011-12-28 15:55 . 2011-09-17 03:51 4200024 ----a-w- c:\windows\system32\cdintf400.dll
2011-12-28 15:54 . 2011-12-28 16:08 -------- d-----w- c:\program files\Quicken
2011-12-28 15:01 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-27 07:51 . 2011-12-27 07:50 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8391384D-0845-4116-8D7C-5DFD42481066}\gapaengine.dll
2011-12-27 07:48 . 2011-12-27 07:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-27 07:40 . 2011-12-27 07:41 -------- d-----w- c:\users\Administrator.Guest-PC\AppData\Roaming\Winamp
2011-12-27 05:43 . 2012-01-04 23:41 -------- d-----w- c:\program files\PeerBlock
2011-12-23 03:30 . 2011-12-23 03:30 -------- d-----w- c:\program files\Winamp Detect
2011-12-23 03:29 . 2011-12-23 03:35 -------- d-----w- c:\users\Guest PC\AppData\Roaming\Winamp
2011-12-23 03:29 . 2011-12-23 03:30 -------- d-----w- c:\program files\Winamp
2011-12-21 16:44 . 2011-12-22 16:05 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-21 16:44 . 2011-12-21 16:44 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-21 16:44 . 2011-12-21 16:44 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-21 16:44 . 2011-12-21 16:44 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-18 17:52 . 2011-12-18 17:52 -------- d-----w- c:\program files\Yontoo Layers Runtime (Drop Down Deals)
2011-12-18 16:57 . 2011-12-18 16:57 -------- d-----w- c:\users\Guest PC\AppData\Roaming\Foxit Software
2011-12-18 16:53 . 2011-12-18 17:01 -------- d-----w- c:\program files\foxit software
2011-12-17 17:02 . 2011-12-17 17:03 -------- d-----w- c:\users\Guest PC\AppData\Roaming\Nitro PDF
2011-12-17 16:57 . 2011-11-02 16:21 26400 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-12-17 16:57 . 2011-11-02 16:21 17696 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-17 16:56 . 2011-12-17 16:56 -------- d-----w- c:\programdata\Nitro PDF
2011-12-17 16:51 . 2011-12-17 16:51 -------- d-----w- c:\users\Guest PC\AppData\Roaming\Downloaded Installations
2011-12-17 00:13 . 2011-11-30 10:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AC5296A-E7EC-4EE2-8B43-35A723E7A650}\mpengine.dll
2011-12-15 00:33 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 00:33 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:33 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 00:33 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:33 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 00:33 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-11 18:47 . 2011-12-12 05:30 -------- d-----w- c:\users\Guest PC\AppData\Roaming\PFStaticIP
2011-12-11 16:09 . 2011-12-11 16:13 -------- d-----w- c:\users\Guest PC\AppData\Roaming\AVG
2011-12-11 15:54 . 2011-12-11 15:54 -------- d--h--w- c:\programdata\Common Files
2011-12-11 15:30 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 14:59 . 2011-12-27 07:39 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 09:28 . 2010-11-20 21:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-17 13:34 . 2011-06-24 13:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 04:19 . 2011-11-17 04:19 1409 ----a-w- c:\windows\system32\tmpF1701.FOT
2011-11-15 22:29 . 2010-04-19 00:27 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-02 16:24 . 2011-11-02 16:24 68896 ----a-w- c:\windows\system32\NLSSRV32.EXE
2011-12-22 16:05 . 2011-03-23 15:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-08-11 22:17 196384 ----a-w- c:\program files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Guest PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Guest PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Guest PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Guest PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2011-07-27 2495056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MediaMonkey.lnk - c:\program files\MediaMonkey\MediaMonkey.exe [2011-12-29 11106880]
Now Playing Tool for OtsAV.lnk - c:\program files\Now Playing Tool for OtsAV\Now Playing Tool for OtsAV.exe [2010-9-18 65536]
TVMOBiLiArtworkManager.lnk - c:\program files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe [2011-11-16 66048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Guest PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative SB Monitoring Utility]
2009-06-22 20:12 98816 ----a-w- c:\windows\System32\SBAVMon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-19 00:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2010-09-09 21:38 452016 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Module Loader]
2007-07-23 22:43 57344 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2009-07-07 20:13 241789 ------w- c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
.
R1 MpKsl4dd6f82d;MpKsl4dd6f82d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E28F2C4E-BFC3-4432-A7EC-8BCBD88CFF4D}\MpKsl4dd6f82d.sys [x]
R1 MpKsla651ccff;MpKsla651ccff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13EE239A-57D6-450D-B28F-0357CEA840CC}\MpKsla651ccff.sys [x]
R1 MpKsld0b5549d;MpKsld0b5549d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C5B3F52-76C4-41C2-9F7E-015FB328252A}\MpKsld0b5549d.sys [x]
R1 MpKslda6cd211;MpKslda6cd211;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B33AB11-3608-4389-B5BA-13D928068001}\MpKslda6cd211.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-23 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-23 79360]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-12-15 899712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-05-31 6638080]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 25088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-29 286736]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-11-02 68896]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 tvMobiliService;tvMobiliService;c:\program files\TVMOBiLi\bin\tvMobiliService.exe [2011-11-16 1009152]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = localhost:8118
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
FF - ProfilePath - c:\users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z011&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - user.js: extentions.y2layers.installId - 3eb7171e-a62b-49fb-911c-7e7396c992dc
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ALLUpdate - c:\program files\OpenSubtitlesPlayer\ALLUpdate.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-CoolStartUp - c:\program files\OSTEC\CoolGram\CoolGramS.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Google Update - c:\users\Guest PC\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-MusicManager - c:\users\Guest PC\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Guest PC\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3272)
c:\users\Guest PC\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\MediaMonkey\MMHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CISVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\program files\Plex\Plex Media Server\PlexScriptHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-05 08:31:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 16:31
ComboFix2.txt 2010-12-26 14:30
.
Pre-Run: 18,762,739,712 bytes free
Post-Run: 19,432,931,328 bytes free
.
- - End Of File - - 9D30EB25B673CD27EC103151CC5EF726

#7 SweetTech

Posted 06 January 2012 - 03:02 AM

Hi elpage!

Let's see what these scans find, and see where we stand then.

Please be sure to provide me with an update on how things are running in your next reply.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 elpage

Posted 07 January 2012 - 01:53 AM

Hi, ST!

Here's what I have observed so far. My networking is up, but it takes a little time to recognize my other computers on the network. Not sure whether this has to do with what is going on, though. I still do have issues with not being able to connect to random sites but it is not as prevalent as before. Don't see any pattern though. Below are the latest results of my scans. Thanks so much for all of your help and time. Really appreciate it. el page.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Guest PC :: GUEST-PC [administrator]

1/6/2012 7:17:48 AM
mbam-log-2012-01-06 (07-17-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215854
Time elapsed: 11 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Guest PC\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Guest PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\e8ce3df-480f25a0 a variant of Java/Agent.DZ trojan
C:\Users\Guest PC\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111211081349948.rsc a variant of Win32/InstallCore.D application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a.zip a variant of Win32/Keygen.AK application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a.rar a variant of Win32/Keygen.AK application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a\keygen\kg.exe

Results of screen317's Security Check version 0.99.30
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
ESET ESET Online Scanner OnlineScannerApp.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Microsoft Security Client Antimalware MpCmdRun.exe
``````````End of Log````````````

#9 SweetTech

Posted 07 January 2012 - 03:43 AM

Hi elpage!

Here's what I have observed so far. My networking is up, but it takes a little time to recognize my other computers on the network. Not sure whether this has to do with what is going on, though. I still do have issues with not being able to connect to random sites but it is not as prevalent as before. Don't see any pattern though. Below are the latest results of my scans. Thanks so much for all of your help and time. Really appreciate it. el page.

Would you mind naming a few of the sites you're not able to connect to?

We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
    • Yontoo Layers Runtime
    • Drop Down Deals


NEXT:



These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application


These threat(s) below will be removed very shortly:

C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Users\Guest PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\e8ce3df-480f25a0 a variant of Java/Agent.DZ trojan
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a.zip a variant of Win32/Keygen.AK application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a.rar a variant of Win32/Keygen.AK application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a\keygen\kg.exe


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\
    C:\Users\Guest PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\e8ce3df-480f25a0
    F:\Downloads\Stereo.Tool.v4.22\
    F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\
    F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Edited by SweetTech, 07 January 2012 - 03:50 AM.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
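
The split made in the post above between ESET detections that already sit in the ComboFix quarantine and those still on disk can be scripted. This is an added example, not part of the original posts or of any tool used in the thread; the line layout in the regular expression, the `triage` function and the bucket names are assumptions, and the sample input is the set of ESET lines posted in the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict

# Sample input: the ESET result lines as posted in the thread.
# The last line was posted without a detection name.
ESET_LINES = r"""
C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Users\Guest PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\e8ce3df-480f25a0 a variant of Java/Agent.DZ trojan
C:\Users\Guest PC\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111211081349948.rsc a variant of Win32/InstallCore.D application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a.zip a variant of Win32/Keygen.AK application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a.rar a variant of Win32/Keygen.AK application
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a\keygen\kg.exe
"""

# ComboFix quarantine folder, as it appears in the posted paths (lower-cased
# because Windows paths compare case-insensitively).
QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"

# Assumed layout of one result line:
#   <drive:\path with spaces> [a variant of] <Platform/Name> <type word>
# The path is matched lazily; the first token containing "/" ends it, which
# is safe because Windows paths use backslashes.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>[a-z ]+)$"
)


@dataclass
class Detection:
    path: str
    name: str  # e.g. "Java/Agent.DZ"
    kind: str  # type word from the log, e.g. "trojan" or "application"

    @property
    def quarantined(self) -> bool:
        """True when the file is a copy held in the ComboFix quarantine."""
        return self.path.lower().startswith(QUARANTINE_ROOT)


def triage(log_text: str) -> Dict[str, list]:
    """Sort result lines into quarantined, live and unparsed buckets."""
    buckets: Dict[str, list] = {"quarantined": [], "live": [], "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Keep lines that do not fit the layout so they get a manual look
            # instead of being dropped silently.
            buckets["unparsed"].append(line)
            continue
        det = Detection(match["path"], match["name"], match["kind"])
        buckets["quarantined" if det.quarantined else "live"].append(det)
    # Trojans first; the sort is stable, so log order is kept within a group.
    buckets["live"].sort(key=lambda d: d.kind != "trojan")
    return buckets


if __name__ == "__main__":
    result = triage(ESET_LINES)
    for det in result["live"]:
        print(f"LIVE         {det.kind:<12} {det.name:<24} {det.path}")
    for det in result["quarantined"]:
        print(f"QUARANTINED  {det.kind:<12} {det.name:<24} {det.path}")
    for line in result["unparsed"]:
        print(f"REVIEW       {line}")
```

Lines that land in the unparsed bucket, such as the `kg.exe` entry posted without a detection name, still need a manual look.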


#10 elpage

Posted 07 January 2012 - 09:28 AM

Happy Weekend, ST

The sites that were being blocked but are not now include billpay.ally.com, americanexpress.com, huffingtonpost.com, and there were only a couple of others but they were not bank sites and I noticed the others were not https either. Those I can't remember I recall thinking it strange I couldn't access them.

PCs on my LAN are now accessible with zero delay. It has been a looooong time since I haven't had to wait to access my wife, kids & my other PCs without much delay or failure.

Again thank you sooooooooooooo much!

Below are the requested logs. el page

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Yontoo Layers Runtime (Drop Down Deals) folder moved successfully.
C:\Users\Guest PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\e8ce3df-480f25a0 moved successfully.
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a\setup folder moved successfully.
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a\keygen folder moved successfully.
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a\cxa1981a folder moved successfully.
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a folder moved successfully.
F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD folder moved successfully.
F:\Downloads\Stereo.Tool.v4.22 folder moved successfully.
Folder F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD\cxa1981a not found.
Folder F:\Downloads\Stereo.Tool.v4.22\Stereo.Tool.v4.22.Plugin.for.Winamp.WinAll.Incl.Keygen-CRD not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Guest PC\Desktop\cmd.bat deleted successfully.
C:\Users\Guest PC\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Guest PC\Desktop\cmd.bat deleted successfully.
C:\Users\Guest PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.Guest-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->FireFox cache emptied: 51815109 bytes
->Flash cache emptied: 56922 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 51469429 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1359531 bytes
->Flash cache emptied: 2441 bytes

User: Guest PC
->Temp folder emptied: 30563377 bytes
->Temporary Internet Files folder emptied: 8088939 bytes
->Java cache emptied: 1315814 bytes
->FireFox cache emptied: 127096454 bytes
->Flash cache emptied: 20205 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41056 bytes
RecycleBin emptied: 21449608 bytes

Total Files Cleaned = 280.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Guest-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Guest PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01072012_055623

Files\Folders moved on Reboot...
File\Folder C:\Users\Guest PC\AppData\Local\Temp\~DF49BA51ACA45010FE.TMP not found!
File\Folder C:\Users\Guest PC\AppData\Local\Temp\~DF8A96F7EC6690835A.TMP not found!

Registry entries deleted on Reboot...


OTL logfile created on: 1/7/2012 6:06:31 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Guest PC\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 18.53% Memory free
3.98 Gb Paging File | 2.28 Gb Available in Paging File | 57.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 12.51 Gb Free Space | 11.19% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 272.37 Gb Free Space | 58.48% Space Free | Partition Type: NTFS

Computer Name: GUEST-PC | User Name: Guest PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 11:24:02 | 021,259,768 | ---- | M] () -- C:\Program Files\foxit software\Foxit Reader\Foxit Reader.exe
PRC - [2012/01/05 03:26:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
PRC - [2011/12/23 21:00:50 | 011,106,880 | ---- | M] (Ventis Media Inc.) -- C:\Program Files\MediaMonkey\MediaMonkey.exe
PRC - [2011/12/22 08:05:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/14 03:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 03:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 03:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/16 13:21:02 | 001,009,152 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2011/11/16 13:19:42 | 000,066,048 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
PRC - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/10/28 17:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/07/26 21:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/07/26 21:18:24 | 002,495,056 | ---- | M] (Plex, Inc.) -- C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2011/06/23 20:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/18 22:45:32 | 000,065,536 | ---- | M] (Edwin Hermann [edwin@www.co.nz]) -- C:\Program Files\Now Playing Tool for OtsAV\Now Playing Tool for OtsAV.exe
PRC - [2010/07/27 01:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/08/28 18:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/13 17:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========

MOD - [2012/01/05 11:24:02 | 021,259,768 | ---- | M] () -- C:\Program Files\foxit software\Foxit Reader\Foxit Reader.exe
MOD - [2011/12/31 07:20:48 | 000,581,632 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey\Plugins\f_aac_codec.dll
MOD - [2011/12/23 21:01:52 | 000,842,816 | ---- | M] () -- C:\Program Files\MediaMonkey\UPnP.dll
MOD - [2011/12/23 21:01:40 | 000,222,272 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wma.dll
MOD - [2011/12/23 21:01:38 | 000,164,928 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_vorbis.dll
MOD - [2011/12/23 21:01:36 | 000,333,888 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_wave.dll
MOD - [2011/12/23 21:01:34 | 000,327,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_mpc.dll
MOD - [2011/12/23 21:01:34 | 000,246,848 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_ogg.dll
MOD - [2011/12/23 21:01:30 | 000,326,720 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_ape.dll
MOD - [2011/12/23 21:01:30 | 000,154,176 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_flac.dll
MOD - [2011/12/23 21:01:28 | 000,300,096 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_USBMass1.dll
MOD - [2011/12/23 21:01:26 | 000,399,424 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iRiverH.dll
MOD - [2011/12/23 21:01:18 | 000,378,432 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_WASAPI.dll
MOD - [2011/12/23 21:01:18 | 000,347,712 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_MMDS.dll
MOD - [2011/12/23 21:01:18 | 000,103,488 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wmp3.dll
MOD - [2011/12/23 21:01:16 | 000,265,280 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_MPG.dll
MOD - [2011/12/23 21:01:16 | 000,137,792 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_video.dll
MOD - [2011/12/23 21:01:16 | 000,081,472 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_wav.dll
MOD - [2011/12/23 21:01:16 | 000,055,360 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_mfaudio.dll
MOD - [2011/12/23 21:01:14 | 000,391,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_aac.dll
MOD - [2011/12/23 21:01:14 | 000,384,064 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_MP4.dll
MOD - [2011/12/23 21:01:14 | 000,348,736 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_mkv.dll
MOD - [2011/12/23 21:01:14 | 000,306,240 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_AVI.dll
MOD - [2011/12/23 21:01:14 | 000,260,160 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_FLV.dll
MOD - [2011/12/23 21:01:14 | 000,185,408 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_flac_codec.dll
MOD - [2011/12/23 21:01:12 | 001,116,736 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iPhone.dll
MOD - [2011/12/23 21:01:12 | 001,031,232 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_iPod.dll
MOD - [2011/12/23 21:01:12 | 000,407,616 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\d_WMDM.dll
MOD - [2011/12/23 21:01:10 | 000,054,336 | ---- | M] () -- C:\Program Files\MediaMonkey\MMHelper.dll
MOD - [2011/12/23 21:01:08 | 000,132,160 | ---- | M] () -- C:\Program Files\MediaMonkey\WMAuth.dll
MOD - [2011/12/23 21:01:00 | 000,103,488 | ---- | M] () -- C:\Program Files\MediaMonkey\Equalize.dll
MOD - [2011/12/23 20:55:12 | 000,367,616 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\f_WMV.dll
MOD - [2011/12/23 20:55:10 | 000,671,744 | ---- | M] () -- C:\Program Files\MediaMonkey\iPhoneCalc.dll
MOD - [2011/12/23 20:54:36 | 000,581,632 | ---- | M] () -- C:\Program Files\MediaMonkey\SQLite3MM.dll
MOD - [2011/12/23 19:04:34 | 000,077,824 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\in_mpc.dll
MOD - [2011/12/23 19:04:34 | 000,013,824 | ---- | M] () -- C:\Program Files\MediaMonkey\Plugins\out_wave.dll
MOD - [2011/12/22 08:05:42 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/24 10:26:24 | 000,233,472 | ---- | M] () -- C:\Program Files\foxit software\Foxit Reader\plugins\Speech.fpi
MOD - [2011/11/16 13:19:42 | 000,066,048 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/26 21:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 21:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 21:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 21:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 21:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 21:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 21:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 21:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 21:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 21:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 21:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 21:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 21:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 21:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 21:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 21:19:14 | 000,628,816 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\tag.dll
MOD - [2011/07/26 21:19:10 | 000,526,464 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\sqlite3.dll
MOD - [2011/07/26 21:19:08 | 000,086,608 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2011/07/26 21:19:06 | 000,150,096 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2011/07/26 21:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 21:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 21:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 21:18:34 | 000,373,328 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2011/07/26 21:18:34 | 000,178,256 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2011/07/26 21:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 03:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/16 13:21:02 | 001,009,152 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2011/11/02 08:24:04 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/10/28 17:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/09/26 09:05:32 | 008,158,720 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 08:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/05/23 05:27:08 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/12 14:32:06 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2011/01/12 14:13:16 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/11/20 04:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 04:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 04:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/07/27 01:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/23 08:40:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/05/23 07:43:33 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/28 18:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/01/07 06:01:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD49FA98-6DEA-47FC-855A-E42E5C79FDF8}\MpKsl7bd28618.sys -- (MpKsl7bd28618)
DRV - [2012/01/06 22:44:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD49FA98-6DEA-47FC-855A-E42E5C79FDF8}\MpKsl8fbd32ca.sys -- (MpKsl8fbd32ca)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/30 08:07:06 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/10/07 03:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) Intel®
DRV - [2010/09/22 15:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010/05/31 10:58:33 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/17 12:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 12:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/15 09:23:00 | 000,899,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2009/12/03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/09/07 08:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/07/13 16:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/06/25 06:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 06:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/11/19 09:41:08 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudioDevice_383.sys -- (WsAudioDevice_383)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DCF4DF&PC=DCF4&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=Z011&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {210249CE-F888-11DD-B868-4CB456D89593}:3.0.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:1.99.20110227
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Sonne DVD Creator\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 11:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 08:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/07 05:49:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/09 11:15:01 | 000,000,000 | ---D | M]

[2010/04/18 16:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Extensions
[2012/01/06 06:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions
[2012/01/04 06:04:58 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/08/31 03:21:03 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2011/08/11 22:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/11/07 20:33:42 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/11/18 22:02:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/24 07:45:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/06 06:21:52 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\foxmarks@kei.com
[2011/03/23 07:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\nostmp
[2011/12/17 09:31:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\piclens@cooliris.com
[2011/12/18 09:52:24 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com
[2011/12/02 06:32:02 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\video.downloader.plugin@ffpimp.com
[2010/07/16 08:05:24 | 000,001,832 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\bing.xml
[2010/12/16 17:12:47 | 000,002,246 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\google--nibbo.xml
[2011/06/16 22:48:03 | 000,005,117 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\search.xml
[2010/11/29 20:52:26 | 000,004,140 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Mozilla\Firefox\Profiles\bwzt28yc.default\searchplugins\youtube.xml
[2011/11/25 10:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{19D3B002-1AD1-4A69-A5B3-AA98773DBB86}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GUEST PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWZT28YC.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011/12/22 08:05:43 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/26 10:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/03 20:58:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/23 09:05:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/07 05:56:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - Startup: C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guest PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6532C855-9422-451A-99F9-2DA517254BD8}: DhcpNameServer = 192.168.1.1 68.238.64.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBF87322-DFA9-4567-BA65-F1C56DD284C8}: DhcpNameServer = 192.168.1.1 68.238.64.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 05:56:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/07 05:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/06 07:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/05 16:50:31 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Documents\Personal Video Database
[2012/01/05 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Personal Video Database
[2012/01/05 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Video Database
[2012/01/05 16:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Personal Video Database
[2012/01/05 15:45:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2012/01/05 15:45:30 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/01/05 08:23:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/05 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\temp
[2012/01/05 07:31:43 | 008,821,856 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Guest PC\Desktop\AppRemover.exe
[2012/01/05 07:25:31 | 004,370,492 | R--- | C] (Swearware) -- C:\Users\Guest PC\Desktop\ComboFix.exe
[2012/01/05 04:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[2012/01/05 04:44:52 | 025,476,564 | ---- | C] (Hervé Leclerc (HeL) ) -- C:\Users\Guest PC\Desktop\WampServer2.2a-x32.exe
[2012/01/05 03:26:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
[2012/01/05 03:18:32 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
[2012/01/04 17:53:08 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\Plex Media Server
[2012/01/04 17:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2012/01/04 17:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[2012/01/04 15:57:58 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Desktop\gmer
[2012/01/04 15:39:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Guest PC\Desktop\dds.com
[2012/01/04 07:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2012/01/04 07:30:23 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\thekiss.com
[2011/12/31 08:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TVMOBiLi
[2011/12/31 08:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\TVMOBiLi
[2011/12/29 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioDJ
[2011/12/29 09:01:51 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ots Labs
[2011/12/29 08:36:34 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Local\Conceiva
[2011/12/29 08:08:03 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey
[2011/12/29 08:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2011/12/29 01:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/12/28 07:55:35 | 004,200,024 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2011/12/28 07:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/12/26 23:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/26 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/12/22 19:30:01 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2011/12/22 19:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011/12/22 19:29:25 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Winamp
[2011/12/22 19:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/12/18 09:54:20 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\Documents\Downloads
[2011/12/18 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Foxit Software
[2011/12/18 08:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\foxit software
[2011/12/17 09:02:22 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Nitro PDF
[2011/12/17 08:57:19 | 000,026,400 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2011/12/17 08:57:19 | 000,017,696 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2011/12/17 08:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2011/12/17 08:51:26 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\Downloaded Installations
[2011/12/11 10:47:00 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\PFStaticIP
[2011/12/11 08:09:41 | 000,000,000 | ---D | C] -- C:\Users\Guest PC\AppData\Roaming\AVG
[2011/12/11 08:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/11 07:54:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/12/11 07:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/11 07:30:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/11 06:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

========== Files - Modified Within 30 Days ==========

[2012/01/07 06:09:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 06:09:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 06:07:52 | 000,659,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/07 06:07:52 | 000,117,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/07 06:00:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/07 06:00:43 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 05:56:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/06 22:47:49 | 000,879,683 | ---- | M] () -- C:\Users\Guest PC\Desktop\SecurityCheck.exe
[2012/01/05 16:50:13 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Personal Video Database.lnk
[2012/01/05 07:31:45 | 008,821,856 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Guest PC\Desktop\AppRemover.exe
[2012/01/05 07:25:33 | 004,370,492 | R--- | M] (Swearware) -- C:\Users\Guest PC\Desktop\ComboFix.exe
[2012/01/05 04:46:00 | 025,476,564 | ---- | M] (Hervé Leclerc (HeL) ) -- C:\Users\Guest PC\Desktop\WampServer2.2a-x32.exe
[2012/01/05 03:26:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guest PC\Desktop\OTL.exe
[2012/01/05 03:18:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\tdsskiller.exe
[2012/01/04 15:57:23 | 000,294,216 | ---- | M] () -- C:\Users\Guest PC\Desktop\gmer.zip
[2012/01/04 15:39:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Guest PC\Desktop\dds.com
[2012/01/04 15:38:45 | 000,000,000 | ---- | M] () -- C:\Users\Guest PC\defogger_reenable
[2012/01/04 15:38:03 | 000,050,477 | ---- | M] () -- C:\Users\Guest PC\Desktop\Defogger.exe
[2012/01/04 07:45:48 | 000,001,105 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/01/04 07:45:48 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/01/04 07:30:36 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Guest PC\Desktop\thekiss.com
[2012/01/04 07:10:38 | 000,001,560 | ---- | M] () -- C:\Users\Guest PC\Desktop\iExplore.exe.lnk
[2011/12/31 08:46:29 | 000,002,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk
[2011/12/31 08:46:29 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\TVMOBiLi.lnk
[2011/12/29 08:32:13 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/29 08:08:03 | 000,001,023 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk
[2011/12/29 01:27:31 | 000,064,000 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 20:38:44 | 003,790,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/28 07:55:08 | 000,000,120 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/12/28 07:28:11 | 000,007,608 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\Resmon.ResmonCfg
[2011/12/28 06:23:36 | 000,001,095 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/26 23:49:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/25 12:34:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HP_192.168.0.137_CN08SC23C705H5
[2011/12/22 19:30:01 | 000,000,965 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/12/22 08:06:26 | 000,002,002 | ---- | M] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/17 09:56:16 | 000,002,624 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/16 07:12:22 | 000,000,132 | ---- | M] () -- C:\Users\Guest PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/16 07:09:08 | 000,001,456 | ---- | M] () -- C:\Users\Guest PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/06 22:47:16 | 000,879,683 | ---- | C] () -- C:\Users\Guest PC\Desktop\SecurityCheck.exe
[2012/01/05 16:50:13 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Personal Video Database.lnk
[2012/01/04 15:57:21 | 000,294,216 | ---- | C] () -- C:\Users\Guest PC\Desktop\gmer.zip
[2012/01/04 15:38:45 | 000,000,000 | ---- | C] () -- C:\Users\Guest PC\defogger_reenable
[2012/01/04 15:37:48 | 000,050,477 | ---- | C] () -- C:\Users\Guest PC\Desktop\Defogger.exe
[2012/01/04 07:45:48 | 000,001,105 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2012/01/04 07:45:48 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\DriveImage XML.lnk
[2012/01/04 07:03:14 | 000,001,560 | ---- | C] () -- C:\Users\Guest PC\Desktop\iExplore.exe.lnk
[2011/12/31 08:46:29 | 000,002,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk
[2011/12/31 08:46:29 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\TVMOBiLi.lnk
[2011/12/29 08:08:03 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MediaMonkey.lnk
[2011/12/29 01:44:42 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011/12/28 07:28:11 | 000,007,608 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\Resmon.ResmonCfg
[2011/12/28 06:23:36 | 000,001,095 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/26 23:49:33 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/26 23:49:02 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/25 12:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HP_192.168.0.137_CN08SC23C705H5
[2011/12/22 19:30:01 | 000,000,965 | ---- | C] () -- C:\Users\Guest PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
[2011/12/19 19:44:28 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/10/20 10:19:00 | 000,000,132 | ---- | C] () -- C:\Users\Guest PC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/20 09:25:37 | 000,001,456 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/19 11:03:21 | 000,000,058 | ---- | C] () -- C:\Windows\DPHPedit.INI
[2011/10/15 17:29:04 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/10/15 17:07:28 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/11 05:51:44 | 000,000,600 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\PUTTY.RND
[2011/09/10 10:49:50 | 000,000,600 | ---- | C] () -- C:\Users\Guest PC\AppData\Roaming\winscp.rnd
[2011/07/10 08:36:55 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/07/09 11:06:50 | 000,205,815 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/04 15:35:18 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/06/30 05:44:57 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2011/06/06 23:17:20 | 000,200,416 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/24 06:02:26 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/20 09:35:26 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/04/20 09:31:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/11 18:09:18 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/29 14:58:55 | 000,000,110 | ---- | C] () -- C:\Windows\edcast_aacp.ini
[2011/03/19 10:06:02 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/28 07:49:34 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/02/28 07:49:34 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/02/08 21:16:22 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/12/26 06:02:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/26 06:02:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/26 06:02:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/26 06:02:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/26 06:02:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/11 12:05:30 | 000,064,000 | ---- | C] () -- C:\Users\Guest PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/16 16:22:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/23 08:45:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2010/05/23 08:45:52 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2010/05/23 08:45:52 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2010/05/23 08:45:52 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2010/05/23 08:45:52 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2010/05/23 08:45:52 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2010/05/23 08:45:52 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2010/05/23 08:45:52 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2010/05/23 08:45:52 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2010/05/23 08:45:52 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2010/05/23 08:02:44 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/05/23 08:02:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/05/23 07:48:23 | 000,033,327 | ---- | C] () -- C:\Windows\System32\kschimp.ini
[2010/05/23 07:48:23 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010/05/23 07:48:21 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfgks150plus.ini
[2010/05/23 07:48:21 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks50.ini
[2010/05/23 07:48:20 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfgBennu.ini
[2010/05/23 07:48:20 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfgks500.ini
[2010/05/23 07:48:20 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfgks550.ini
[2010/05/23 07:48:20 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfgks150.ini
[2010/05/23 07:48:20 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfgks200.ini
[2010/05/23 07:48:19 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfgks100.ini
[2010/05/23 07:48:02 | 000,028,635 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2010/01/29 13:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/12/02 18:39:02 | 020,317,504 | ---- | C] () -- C:\Windows\System32\TrueSuiteCoInst02020000.dll
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 003,790,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,659,752 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,117,000 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001/08/06 19:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE

========== LOP Check ==========

[2010/12/20 20:04:54 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Abyssmedia
[2011/01/12 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\AnvSoft
[2011/04/29 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Artisteer
[2011/12/11 08:13:30 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\AVG
[2011/08/17 15:55:07 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\avidemux
[2011/07/18 19:51:19 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Azureus
[2011/09/11 10:56:03 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\calibre
[2011/11/08 20:26:16 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Canon
[2011/10/20 10:00:34 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/15 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/10 19:20:37 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/05/22 09:54:57 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/09/08 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\COWON
[2011/06/30 05:44:57 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\DonationCoder
[2011/12/17 08:51:26 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Downloaded Installations
[2012/01/07 06:02:38 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Dropbox
[2011/12/14 16:45:40 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\FileZilla
[2011/12/18 08:57:19 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Foxit Software
[2011/01/13 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\GetRightToGo
[2011/06/02 07:21:04 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\gtk-2.0
[2011/08/15 06:29:07 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\HandBrake
[2011/06/02 06:24:42 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\iPodder
[2012/01/06 07:35:45 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\MediaMonkey
[2011/10/15 17:17:02 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\MySQL
[2011/12/17 09:03:30 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Nitro PDF
[2011/10/30 10:09:29 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Notepad++
[2010/05/22 09:14:25 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\NVD
[2010/11/16 09:02:18 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\OpenOffice.org
[2012/01/05 16:53:43 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Personal Video Database
[2011/12/11 21:30:10 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\PFStaticIP
[2011/05/23 12:53:16 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\PhotoScape
[2011/05/23 05:09:25 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\SoftGrid Client
[2011/09/14 16:59:52 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Spotify
[2011/11/20 08:37:37 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/04/29 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Stardock
[2011/06/08 06:13:10 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\SystemRequirementsLab
[2011/02/17 07:23:08 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\TeamViewer
[2010/05/22 09:14:38 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\TP
[2011/02/08 06:49:47 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\TrulyMail
[2012/01/05 09:42:30 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\uTorrent
[2010/07/11 11:41:39 | 000,000,000 | ---D | M] -- C:\Users\Guest PC\AppData\Roaming\Win7codecs
[2011/12/26 19:17:16 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/22 08:05:41 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/22 08:05:41 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/22 08:05:41 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/22 08:05:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe"

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-03 03:54:33

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by elpage, 07 January 2012 - 09:33 AM.


#11 SweetTech

Posted 08 January 2012 - 05:28 AM

Hi el page!

Happy Weekend!!

Did you set this proxy in Internet Explorer?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2011/12/18 09:52:24 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com
    O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    [2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
    [2011/12/19 21:10:57 | 000,011,634 | -HS- | M] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
    [2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k
    [2011/12/19 20:10:32 | 000,011,634 | -HS- | C] () -- C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 elpage

Posted 08 January 2012 - 11:18 AM

Good (place applicable time period), Agent ST

What an adventure! I did not knowingly set the "ProxyServer" = localhost:8118. I do have a number of various programs on my machine that may be using that. Plex Media Server, MediaMonkey Media Server, Teamviewer, PeerBlock, and more... How can I tell if this is a part of this Win 7 Security 2012 mess?

Attempting to access prweb.com, radio-info.com, nctimes.com, after doing this most recent fix and get unable to connect page. Netvibes.com doesn't load properly. It loads like an index page, no html. The sites are accessible on my other computer. Looking like I will have a big job ahead of me in the future.

Thanks for the help. U da fo shizzle ma wizzle. Enjoy your week. el page

Here is the OTL log.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\Guest PC\AppData\Roaming\mozilla\Firefox\Profiles\bwzt28yc.default\extensions\plugin@yontoo.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k moved successfully.
C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k moved successfully.
File C:\Users\Guest PC\AppData\Local\gvwxmx4a6mpq6fpy7ogq7g473s8k not found.
File C:\ProgramData\gvwxmx4a6mpq6fpy7ogq7g473s8k not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\Guest PC\Desktop\cmd.bat deleted successfully.
C:\Users\Guest PC\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Guest PC\Desktop\cmd.bat deleted successfully.
C:\Users\Guest PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.Guest-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest PC
->Temp folder emptied: 10755429 bytes
->Temporary Internet Files folder emptied: 5312260 bytes
->Java cache emptied: 1315371 bytes
->FireFox cache emptied: 180477022 bytes
->Flash cache emptied: 2036 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 557617 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Guest-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Guest PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_075202

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000011BD1B74CFC6F5F5E not found!

Registry entries deleted on Reboot...

Edited by elpage, 08 January 2012 - 12:04 PM.


#13 elpage

Posted 08 January 2012 - 11:51 AM

:whistle:

Edited by elpage, 08 January 2012 - 11:54 AM.


#14 SweetTech

Posted 09 January 2012 - 03:58 AM

Hi!

I'm going to give you a script to remove the proxy set in Internet Explorer, and if we need to we can always add it back, but I'm thinking that the proxy was set by the infection you had.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8118
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Attempting to access prweb.com, radio-info.com, nctimes.com, after doing this most recent fix and get unable to connect page. Netvibes.com doesn't load properly. It loads like an index page, no html. The sites are accessible on my other computer. Looking like I will have a big job ahead of me in the future

Does this occur with all internet browsers or just one in particular??

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
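
One way to check whether anything on the machine is actually serving the localhost:8118 proxy discussed in the posts above, as an added example that is not part of the original thread and not OTL's own code. The function names are hypothetical, and the script assumes Windows PowerShell 2.0 or later and English-language netstat output.

```powershell
# Added example: read the per-user proxy settings that OTL reported and map
# a loopback proxy port to the process that owns the listener.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyEndpoints {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    param([string]$ProxyServer)
    $result = @()
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim()
        if ($hostPort -match '^(?<host>[^:]+):(?<port>\d+)$') {
            $result += New-Object PSObject -Property @{
                Host = $Matches['host']
                Port = [int]$Matches['port']
            }
        }
    }
    return $result
}

function Get-ListenerPid {
    # Parse "netstat -ano" for TCP listeners on the given local port.
    # Assumption: the state column reads LISTENING (English-language Windows).
    param([int]$Port)
    $owners = @()
    foreach ($line in (netstat -ano)) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING' `
                -and $f[1] -match (':{0}$' -f $Port)) {
            $owners += [int]$f[4]
        }
    }
    return ($owners | Select-Object -Unique)
}

$s = Get-ItemProperty -Path $key
"ProxyEnable   : $($s.ProxyEnable)"
"ProxyServer   : $($s.ProxyServer)"
"AutoConfigURL : $($s.AutoConfigURL)"

$loopback = @('localhost', '127.0.0.1')

# @(...) keeps an empty result from being iterated once as $null on PowerShell 2.0.
foreach ($ep in @(Get-ProxyEndpoints $s.ProxyServer)) {
    if ($loopback -notcontains $ep.Host) {
        "Proxy $($ep.Host):$($ep.Port) is not on this machine; no local listener to inspect."
        continue
    }

    $owners = @(Get-ListenerPid $ep.Port)
    if ($owners.Count -eq 0) {
        "Nothing is listening on port $($ep.Port); requests sent through this proxy will fail."
        continue
    }

    foreach ($id in $owners) {
        $p = Get-WmiObject Win32_Process -Filter "ProcessId = $id"
        "Port $($ep.Port) is owned by PID $id"
        "  Name        : $($p.Name)"
        "  Path        : $($p.ExecutablePath)"
        "  CommandLine : $($p.CommandLine)"
        if ($p.ExecutablePath) {
            # Signature status of the owning binary, for comparison with a known-good install.
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            "  Signature   : $($sig.Status)"
        }
    }
}
```

Run it as the affected user, since the value lives under HKCU; without elevation, Path and CommandLine can come back blank for processes owned by other accounts.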


#15 elpage

Posted 09 January 2012 - 09:58 AM

Hi ST,

I only use Firefox, however, the same resulted when I used IE Tab 2. As before, the unable to connect was random and intermittent. Yesterday's occurrence was the first since we started the fixes. I am able to access all currently, thank you very much...

I am unaware of any issues at this time. Honestly, this old laptop hasn't worked this well in years. Thanks again for all of your help. As I am certain you hear this daily, but I am so so grateful that you take the time to assist when I thought all is lost and I'd have to re-brick this machine. :bowdown:

Just waiting for your final blessing.

Here is the latest log from OTL.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\Guest PC\Desktop\cmd.bat deleted successfully.
C:\Users\Guest PC\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Guest PC\Desktop\cmd.bat deleted successfully.
C:\Users\Guest PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.Guest-PC
->Temp folder emptied: 17413 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 11274862 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest PC
->Temp folder emptied: 99485350 bytes
->Temporary Internet Files folder emptied: 1377657 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101084314 bytes
->Flash cache emptied: 756 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 551498 bytes
RecycleBin emptied: 1215059759 bytes

Total Files Cleaned = 1,363.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.Guest-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Guest PC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.Guest-PC

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Guest PC
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01092012_062957

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000020137EB6EEA7A6787 not found!

Registry entries deleted on Reboot...



