Jump to content

Gators

Honorary Members
  • Posts

    27
  • Joined

  • Last visited

Everything posted by Gators

  1. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.13.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 E127811 :: SZMISLAPTOP [administrator] 12/13/2012 9:09:19 AM mbam-log-2012-12-13 (09-09-19).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 409470 Time elapsed: 58 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully. (end)
  2. Here's the log All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Run\\taupse deleted successfully. ========== FILES ========== File\Folder C:\Users\jonathang\AppData\Roaming\taupse.dll not found. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\jonathang\Desktop\cmd.bat deleted successfully. C:\Users\jonathang\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: jonathang ->Temp folder emptied: 5322456 bytes ->Temporary Internet Files folder emptied: 13195309 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 247550183 bytes ->Flash cache emptied: 5888 bytes User: Public User: user ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: user.szmislaptop ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: v00sb2 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10510282 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 264.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12122012_073356 Files\Folders moved on Reboot... C:\Users\jonathang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\windows\temp\asat0000.tmp scheduled to be moved on reboot. File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  3. It gets stuck in safe mode as well. It gets stuck saying Processing PRC - File not found --
  4. I am unable to get this fix to run, OTL keeps freezing when I run that fix.
  5. OTL won't give me an extras file anymore, I've followed the instructions exactly as listed above, and tried several times, but no extras at all, only the otl log. Not sure what changed. OTL logfile created on: 12/6/2012 7:08:44 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.88 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.77% Memory free 7.77 Gb Paging File | 5.94 Gb Available in Paging File | 76.48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 210.28 Gb Free Space | 70.57% Space Free | Partition Type: NTFS Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/12/05 07:10:43 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe PRC - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/11/20 07:00:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012/11/17 06:10:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe PRC - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe PRC - [2011/12/09 09:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/08/23 06:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE PRC - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe PRC - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe PRC - [2009/12/24 20:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe PRC - [2009/12/24 18:18:46 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe PRC - [2009/04/02 15:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2008/08/16 16:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe ========== Modules (No Company Name) ========== MOD - [2012/12/05 07:10:43 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/11/20 07:00:29 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012/11/14 07:00:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll MOD - [2012/11/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll MOD - [2012/11/14 06:33:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/11/14 06:32:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/14 06:32:42 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/14 06:32:32 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012/11/14 06:32:29 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/11/14 06:32:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/11/14 06:32:25 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/14 06:32:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ========== Services (SafeList) ========== SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® SRV:64bit: - [2011/06/22 13:01:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV:64bit: - [2011/06/22 13:01:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/12/05 07:10:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/11/20 07:00:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost) SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/10/14 15:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2010/10/14 15:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan) SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/07 09:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2010/01/07 09:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV) SRV - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe -- (NGSERVER) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/26 07:24:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler) DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2011/06/28 02:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2011/06/22 13:01:46 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2011/05/26 09:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/03 11:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/11/08 17:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/07/21 12:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp) DRV:64bit: - [2010/07/21 12:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV:64bit: - [2007/02/15 01:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd) DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter) DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.BC.COM;*BOISEINC.COM;*BOISEBUILDING.COM;*BOISEPAPER.COM;*BOISESPLOX.COM;*.DMSI.COM;jk*;*.imercer.com;<local>;*.ctcwaco.com;*.boiseaspen.com;*.boisecascadewellness.com;*polaris.com;*.boisehealthychoices.com;*.diverseearth.com;*.bctruck.com;*.boisetruck.com;*.hexacomb.*;*.falconboard.*;*.bcconnect.com IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = BO00SPARRAY.BC.COM:80 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "mail.yahoo.com" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 07:10:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}: C:\Users\jonathang\AppData\Local\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}\ [2012/10/29 08:06:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 07:10:39 | 000,000,000 | ---D | M] [2012/11/26 09:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathang\AppData\Roaming\mozilla\Extensions [2012/12/05 07:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/12/05 07:10:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_15\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [Akamai NetSession Interface] C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [skyDrive] C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] "C:\Windows\System32\rundll32.exe" "C:\Users\jonathang\AppData\Roaming\taupse.dll",AsString File not found O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\RunOnce: [uninstall C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: dell.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: tharco.com ([slzts] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.10 10.1.2.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bc.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2DD49A-9ABB-4D68-9FC0-2556BF2BB748}: DhcpNameServer = 10.1.1.10 10.1.2.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998E82DF-15CC-4522-AD6D-706472B56844}: DhcpNameServer = 10.1.1.10 10.1.2.10 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/05 13:35:12 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ja [2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\tr [2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\nl [2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\hu [2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\es [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\zh-CHT [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\zh-CHS [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\sv [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ru [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pl [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ko [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\it [2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\fr [2012/12/05 13:35:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\de [2012/12/05 13:35:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\cs [2012/12/05 13:35:07 | 000,000,000 | ---D | C] -- C:\windows\ADAM [2012/12/05 07:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/04 07:13:07 | 000,000,000 | ---D | C] -- C:\_OTL [2012/12/03 08:16:37 | 000,000,000 | ---D | C] -- C:\mame [2012/12/03 07:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe [2012/11/30 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\TeamViewer [2012/11/30 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012/11/30 06:59:06 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\mbar [2012/11/29 13:48:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr [2012/11/26 13:14:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log [2012/11/26 13:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client [2012/11/26 13:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/11/26 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Trend Micro [2012/11/26 13:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/11/26 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Malwarebytes [2012/11/26 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/26 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/26 10:22:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/11/26 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/26 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Mozilla [2012/11/26 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/11/26 08:39:39 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data-1 [2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/11/20 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data [2012/11/20 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\9slf0ns3.default-1353453563337 [2012/11/14 16:33:20 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys [2012/11/14 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable [2012/11/14 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable [2012/11/14 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client [2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Deployment [2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Apps [2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamTalk 4 [2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk [2012/11/14 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamTalk4 [2012/11/11 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series [2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities [2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2012/11/11 12:13:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING [2012/11/11 12:13:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012/11/11 12:13:19 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information [2012/11/11 12:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ ========== Files - Modified Within 30 Days ========== [2012/12/06 07:00:29 | 000,741,200 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/12/06 07:00:29 | 000,636,792 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/12/06 07:00:29 | 000,110,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/12/06 07:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/06 07:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/06 06:57:02 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/06 06:54:08 | 000,027,913 | ---- | M] () -- C:\windows\cfgall.ini [2012/12/06 06:52:57 | 000,008,002 | RHS- | M] () -- C:\Users\jonathang\ntuser.pol [2012/12/06 06:52:47 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/06 06:52:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/06 06:52:28 | 3127,652,352 | -HS- | M] () -- C:\hiberfil.sys [2012/12/05 15:54:51 | 000,002,220 | -H-- | M] () -- C:\Users\jonathang\Documents\Default.rdp [2012/12/05 15:28:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/12/05 13:35:03 | 000,000,435 | ---- | M] () -- C:\windows\SysNative\dsac.exe.config [2012/12/05 12:11:13 | 000,002,035 | ---- | M] () -- C:\Users\jonathang\Desktop\Documents.lnk [2012/12/05 12:11:13 | 000,001,445 | ---- | M] () -- C:\Users\jonathang\Desktop\Phone Book.lnk [2012/12/05 12:10:58 | 000,048,632 | ---- | M] () -- C:\Users\jonathang\Desktop\Pancake-bunnyfirst.jpg [2012/12/05 10:47:12 | 000,002,172 | ---- | M] () -- C:\Users\jonathang\Desktop\foreman's office.udf [2012/12/05 10:46:12 | 000,007,571 | ---- | M] () -- C:\Users\jonathang\Desktop\file room.udf [2012/12/05 10:29:07 | 000,025,743 | ---- | M] () -- C:\Users\jonathang\Desktop\bookmarks-2012-12-05.json [2012/12/04 07:15:59 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe [2012/12/03 06:59:57 | 000,436,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/11/30 08:59:41 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2012/11/29 13:48:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr [2012/11/28 15:57:39 | 000,000,412 | ---- | M] () -- C:\Users\jonathang\Documents\spider.sav [2012/11/26 13:13:19 | 000,002,920 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012/11/26 10:23:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/26 09:13:27 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/21 07:57:59 | 000,001,279 | ---- | M] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk [2012/11/21 07:21:14 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook 2010.lnk [2012/11/19 07:12:25 | 000,001,239 | ---- | M] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk [2012/11/19 07:12:05 | 000,001,015 | ---- | M] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk [2012/11/19 07:11:37 | 000,000,355 | ---- | M] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys [2012/11/14 13:13:35 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\TeamTalk.lnk ========== Files Created - No Company Name ========== [2012/12/05 13:35:07 | 000,000,435 | ---- | C] () -- C:\windows\SysNative\dsac.exe.config [2012/12/05 13:20:33 | 251,170,997 | ---- | C] () -- C:\Users\jonathang\Desktop\Windows6.1-KB958830-x64-RefreshPkg.msu [2012/12/05 12:10:57 | 000,048,632 | ---- | C] () -- C:\Users\jonathang\Desktop\Pancake-bunnyfirst.jpg [2012/12/05 10:47:12 | 000,002,172 | ---- | C] () -- C:\Users\jonathang\Desktop\foreman's office.udf [2012/12/05 10:46:11 | 000,007,571 | ---- | C] () -- C:\Users\jonathang\Desktop\file room.udf [2012/12/05 10:29:07 | 000,025,743 | ---- | C] () -- C:\Users\jonathang\Desktop\bookmarks-2012-12-05.json [2012/12/04 07:15:59 | 000,006,463 | ---- | C] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx [2012/11/30 08:59:41 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012/11/30 08:59:41 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2012/11/27 08:58:56 | 000,001,445 | ---- | C] () -- C:\Users\jonathang\Desktop\Phone Book.lnk [2012/11/26 13:16:16 | 000,027,913 | ---- | C] () -- C:\windows\cfgall.ini [2012/11/26 13:13:18 | 000,002,920 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012/11/26 10:22:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/26 09:13:27 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/11/26 09:13:27 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/21 07:57:59 | 000,001,279 | ---- | C] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk [2012/11/19 07:12:25 | 000,001,239 | ---- | C] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk [2012/11/19 07:12:05 | 000,001,015 | ---- | C] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk [2012/11/19 07:11:37 | 000,000,355 | ---- | C] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk [2012/11/14 13:13:35 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\TeamTalk.lnk [2012/11/14 05:13:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 05:03:58 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysWow64\CNC1741D.TBL [2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysNative\CNC1741D.TBL [2012/10/11 10:54:21 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012/09/27 13:13:31 | 000,000,245 | ---- | C] () -- C:\windows\ODBCINST.INI [2012/09/10 09:53:23 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\h5menu32.dll [2012/09/10 09:53:23 | 000,095,744 | ---- | C] () -- C:\windows\SysWow64\h5rtf32.dll [2012/09/10 09:53:23 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\h5tool32.dll [2012/09/10 09:53:22 | 001,064,960 | ---- | C] () -- C:\windows\SysWow64\h5krnl32.dll [2012/09/10 09:53:22 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\h5icon32.dll [2012/05/30 09:14:40 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\instsrv.exe [2012/05/30 09:14:40 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe [2012/05/07 12:54:51 | 000,011,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/05/07 12:13:44 | 000,001,198 | ---- | C] () -- C:\windows\SAPLOGON.INI [2012/05/07 12:13:44 | 000,000,106 | ---- | C] () -- C:\windows\saproute.ini [2012/05/07 12:13:44 | 000,000,059 | ---- | C] () -- C:\windows\sapini.dat [2012/05/07 12:13:44 | 000,000,030 | ---- | C] () -- C:\windows\SAPMSG.INI [2012/05/07 12:07:51 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\vtssm32.dll [2012/05/07 11:42:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2012/05/07 10:39:25 | 000,008,002 | RHS- | C] () -- C:\Users\jonathang\ntuser.pol [2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/12/05 15:53:31 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\.purple [2012/11/14 13:13:35 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk [2012/10/01 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DAEMON Tools Lite [2012/06/02 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DameWare Development [2012/06/02 21:58:36 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DWMRCMSI [2012/10/31 13:52:18 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\gtk-2.0 [2012/07/26 06:24:16 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ICAClient [2012/07/27 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ImgBurn [2012/08/29 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\PrimoPDF [2012/12/05 07:28:41 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\SAP [2012/09/06 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ScanSoft [2012/12/05 08:15:19 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ShoreWare Client [2012/12/03 07:01:48 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\TeamViewer [2012/09/09 09:35:46 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\WebcamMax [2012/07/26 07:29:33 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\wootalyzer ========== Purity Check ========== < End of report >
  6. Well, it let me paste the image of the error, but apparently it won't actually post that. Ok, got this error on the reboot: There was an error starting C:\Users\jonathang\AppData\Roaming\taupse.dll The specified module could not be found.
  7. Here is the log All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Run\\taupse deleted successfully. C:\Users\jonathang\AppData\Roaming\taupse.dll moved successfully. C:\Users\jonathang\AppData\Roaming\Uckag folder moved successfully. C:\Users\jonathang\AppData\Roaming\Suobuz folder moved successfully. C:\Users\jonathang\AppData\Roaming\Pohiap folder moved successfully. C:\Users\jonathang\AppData\Roaming\Yfseic folder moved successfully. C:\Users\jonathang\AppData\Roaming\Evki folder moved successfully. C:\Users\jonathang\AppData\Roaming\Akufi folder moved successfully. C:\Users\jonathang\AppData\Roaming\apstcs.dll moved successfully. C:\Users\jonathang\AppData\Local\chromeupdate.crx moved successfully. C:\Users\jonathang\AppData\Roaming\wsabrt.dll moved successfully. C:\Users\jonathang\AppData\Roaming\pobnet.dll moved successfully. C:\Users\jonathang\AppData\Roaming\vcatm.dll moved successfully. File C:\Users\jonathang\AppData\Roaming\taupse.dll not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\jonathang\Desktop\cmd.bat deleted successfully. C:\Users\jonathang\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: jonathang ->Temp folder emptied: 419561577 bytes ->Temporary Internet Files folder emptied: 151504809 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 362726893 bytes ->Flash cache emptied: 22080 bytes User: Public User: user ->Temp folder emptied: 32799 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: user.szmislaptop ->Temp folder emptied: 33737 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: v00sb2 ->Temp folder emptied: 3483136 bytes ->Temporary Internet Files folder emptied: 7924204 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 245887426 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72702 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,136.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 12042012_071307 Files\Folders moved on Reboot... C:\Users\jonathang\AppData\Local\Temp\ExchangePerflog_8484fa31604fd3c3cfcccd43.dat moved successfully. C:\Users\jonathang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33447FC6-FE77-4A86-AFF8-B2307EF6BE32}.tmp not found! File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5AAD09F4-3B05-41A7-8480-69C3D2178824}.tmp not found! File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6ECE1367-A0E5-434D-93A2-9A89F34658BB}.tmp not found! File move failed. C:\windows\temp\asat0000.tmp scheduled to be moved on reboot. File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  8. Here's the Extras.txt OTL Extras logfile created on: 12/3/2012 7:09:26 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.88 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.61% Memory free 7.77 Gb Paging File | 6.21 Gb Available in Paging File | 80.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 210.03 Gb Free Space | 70.48% Space Free | Partition Type: NTFS Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.) "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D418077-C996-43F3-BB11-C9ECB7F200C0}" = lport=445 | protocol=6 | dir=in | app=system | "{1055FF3C-2179-4901-A99C-D27A0D966840}" = rport=445 | protocol=6 | dir=out | app=system | "{476D3B14-A957-4E48-A03B-FBB813159BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{48CA2469-CA2F-4027-8B5D-B32015FB451B}" = rport=138 | protocol=17 | dir=out | app=system | "{4CDE4D31-79D0-49E9-BCC6-FDE84AB4954F}" = lport=60303 | protocol=6 | dir=in | name=trend micro officescan listener | "{64333325-06C7-4AF2-8E86-FF87C7B48489}" = lport=138 | protocol=17 | dir=in | app=system | "{65BA2E7F-7332-46CB-8D59-0513359122AC}" = rport=137 | protocol=17 | dir=out | app=system | "{6E1EFA56-AF29-41A8-A9BD-D4AC6EE87517}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{7BFB6816-C3B6-4529-AEBD-FE769BA9D48A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C6CD7FD-4A07-4A38-9820-11354D66C799}" = lport=60303 | protocol=6 | dir=in | name=trend micro officescan listener | "{8C00E67E-B42B-47F6-8FDC-EDF95B62B143}" = lport=139 | protocol=6 | dir=in | app=system | "{DDFF753A-F282-40A6-98CF-5DF533D583EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DE9B524D-0C05-4106-9375-6AD78C359E1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F990E784-71AB-407B-A09B-A0AEB62A954C}" = rport=139 | protocol=6 | dir=out | app=system | "{FAEE3762-368E-4529-B886-4A623576F6F6}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0ED330EF-CD87-4D1A-AB9A-8C23C6529A6C}" = dir=in | app=c:\users\jonathang\appdata\local\microsoft\skydrive\skydrive.exe | "{1358487E-6EFE-4D32-9591-06A0501AD3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{16D21015-0913-427D-9A52-B0A870DA5F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2BA733A7-D3DB-4100-B75E-F926F852EF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe | "{44FBE3C6-0C03-4F13-802B-6E0A0C72D3BE}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe | "{5F02085B-4DEA-427F-A922-84B101EEC7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{5F5DDB47-F502-4C07-8401-96F515569CE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{64632FFB-9820-44BC-AA09-8CF0C2C898AC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{6D32AA97-DF97-4DC3-AC11-078A3C9F24F0}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ghostsrv.exe | "{6F3E74C0-D56A-4F2D-95BA-2EA12FA32385}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe | "{796DC5B6-3723-4AC2-A37B-B797E49EBED4}" = protocol=17 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe | "{82F0B269-FD0C-4627-8802-835A3BE178E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9E6A791C-2374-4FF3-860E-3D5D530DD568}" = protocol=6 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe | "{ACD709AB-0EB4-4C13-8C26-911658A35A3E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{B1AC695A-DC72-4FDE-B7F9-B11E8CEBE2FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\dwrcs.exe | "{B8807862-9DBA-462A-BE52-EFEEFCD2E925}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BA10D1B5-9C1E-4D05-82BC-011EA055B3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe | "{BAE00A80-5FCF-4EB1-BFDF-F9D9A87D1FE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BF36351A-09AE-4CA7-A175-DCA62289A897}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D29BA67F-6AF8-49AB-A796-A19DECE2EBBD}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ghostsrv.exe | "{D42A13CE-8EBD-490F-8D8C-64B4EFC51B34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E307D3A6-8483-4F49-8A51-FF979828573A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "TCP Query User{0F29C952-5A8A-482B-A09B-E4334CEA143D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{28FB4876-3318-4C2C-8972-3C5C08B9E794}C:\program files (x86)\sap\frontend\sapgui\saplgpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sap\frontend\sapgui\saplgpad.exe | "UDP Query User{121CB841-89B2-4EA4-A967-7B994EBAAD3D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{5DB45AE7-A84E-4245-826B-0C43E0648D49}C:\program files (x86)\sap\frontend\sapgui\saplgpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sap\frontend\sapgui\saplgpad.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel® PROSet/Wireless WiFi Software "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FE16E275-3784-461D-9BA0-7310C8826050}" = Dell ControlVault Host Components Installer 64 bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "ProInst" = Intel PROSet Wireless "PROSetDX" = Intel® Network Connections 16.5.2.0 "TeamTalk4_is1" = TeamTalk 4 "Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10 "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "{1611A5CF-50B8-4669-98BF-087A28A8CB49}" = Microsoft Conferencing Add-in for Microsoft Office Outlook "{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{30ECE66A-C503-4E88-9E3D-4962F568C05E}" = IXOS-eCON Clients Languages "{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15 "{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4CAFC761-61D3-4C6E-98BE-AFA292050EF4}" = DameWare Mini Remote Control "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5 "{59F1FCCB-1523-423E-9ECE-4DAC8F329007}" = ShoreTel Communicator "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A172C9C8-1C70-11D6-A246-0001020BC164}" = IXOS-eCON Clients "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{BE8585BF-DC7A-4AE0-0A2E-000007493152}" = Symantec Ghost Console and Standard Tools "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update "{E518C80C-C549-40E1-844C-669ED64195D3}" = FTP Surfer "{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArtiosCAD Viewer" = ArtiosCAD Viewer "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "DAEMON Tools Lite" = DAEMON Tools Lite "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "ImgBurn" = ImgBurn "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "mIRC" = mIRC "Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.STANDARD" = Microsoft Office Standard 2010 "Pidgin" = Pidgin "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software "Revo Uninstaller" = Revo Uninstaller 1.94 "SAPGUI710" = SAP GUI for Windows 7.20 "SystemTools DumpSec" = SystemTools DumpSec "TeamViewer 8" = TeamViewer 8 "Vivitar Experience Image Manager" = Vivitar Experience Image Manager "VLC media player" = VLC media player 2.0.3 "WebcamMax" = WebcamMax "Winamp" = Winamp "Wootalyzer" = Wootalyzer! ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "07c83f7d54f0ed58" = Client "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Akamai" = Akamai NetSession Interface "SkyDriveSetup.exe" = Microsoft SkyDrive "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/20/2012 7:31:41 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 16.0.2.4680 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1078 Start Time: 01cdc776fd22b5d5 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 6c0c955f-336a-11e2-833b-9cb70deb5e99 Error - 11/20/2012 7:32:00 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 16.0.2.4680 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b7c Start Time: 01cdc77732acae0b Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 78600dd1-336a-11e2-833b-9cb70deb5e99 Error - 11/20/2012 7:40:47 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 16.0.2.4680 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2f8 Start Time: 01cdc7773dd8bd81 Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: b246d33b-336b-11e2-833b-9cb70deb5e99 Error - 11/20/2012 7:55:45 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 16.0.2.4680 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1514 Start Time: 01cdc77a7c60f006 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: c99f723b-336d-11e2-833b-9cb70deb5e99 Error - 11/21/2012 10:54:28 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10 Description = Error - 11/21/2012 10:55:06 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5 Description = Error - 11/21/2012 11:07:11 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10 Description = Error - 11/21/2012 11:07:49 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5 Description = Error - 11/21/2012 11:23:04 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10 Description = Error - 11/21/2012 11:23:25 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5 Description = Error - 11/21/2012 11:31:14 AM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 17.0.0.4706 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a7c Start Time: 01cdc7fced0c821a Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 7829468a-33f0-11e2-818d-9cb70deb5e99 [ System Events ] Error - 11/20/2012 1:37:51 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319 Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error - 11/20/2012 1:38:01 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319 Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error - 11/20/2012 1:38:02 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319 Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error - 11/20/2012 6:56:54 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10010 Description = Error - 11/20/2012 8:03:01 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10010 Description = Error - 11/21/2012 5:08:57 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Microsoft-Windows-GroupPolicy | ID = 1054 Description = The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly. Error - 11/21/2012 6:53:50 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10006 Description = Error - 11/26/2012 10:56:00 AM | Computer Name = SZMISLAPTOP.bc.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain BCC due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 11/26/2012 2:47:14 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319 Description = A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error - 11/26/2012 5:26:42 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain BCC due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. < End of report >
  9. Ok, here's the OTL.txt OTL logfile created on: 12/3/2012 7:09:26 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.88 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.61% Memory free 7.77 Gb Paging File | 6.21 Gb Available in Paging File | 80.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 210.03 Gb Free Space | 70.48% Space Free | Partition Type: NTFS Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe PRC - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/11/17 06:10:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe PRC - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe PRC - [2012/05/06 20:36:06 | 000,049,340 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe PRC - [2011/12/09 09:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/08/23 06:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE PRC - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe PRC - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe PRC - [2009/12/24 20:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe PRC - [2009/12/24 18:18:46 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe PRC - [2009/04/02 15:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2008/08/16 16:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe ========== Modules (No Company Name) ========== MOD - [2012/11/14 07:00:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll MOD - [2012/11/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll MOD - [2012/11/14 06:33:10 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012/11/14 06:33:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/11/14 06:32:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/14 06:32:42 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/14 06:32:32 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012/11/14 06:32:29 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/11/14 06:32:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/11/14 06:32:25 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/14 06:32:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/10/29 08:06:35 | 000,466,432 | ---- | M] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll MOD - [2012/05/30 06:53:40 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll MOD - [2012/05/30 06:53:40 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll MOD - [2012/05/30 06:53:40 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll MOD - [2012/05/30 06:53:40 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll MOD - [2012/05/30 06:53:40 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll MOD - [2012/05/30 06:53:40 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll MOD - [2012/05/30 06:53:40 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll MOD - [2012/05/30 06:53:40 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll MOD - [2012/05/30 06:53:40 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll MOD - [2012/05/06 20:36:08 | 000,036,068 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll MOD - [2012/05/06 20:36:08 | 000,030,333 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll MOD - [2012/05/06 20:36:08 | 000,024,487 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll MOD - [2012/05/06 20:36:08 | 000,024,106 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll MOD - [2012/05/06 20:36:08 | 000,023,455 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll MOD - [2012/05/06 20:36:08 | 000,022,901 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll MOD - [2012/05/06 20:36:08 | 000,017,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll MOD - [2012/05/06 20:36:08 | 000,013,589 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll MOD - [2012/05/06 20:36:06 | 000,338,072 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll MOD - [2012/05/06 20:36:06 | 000,303,303 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll MOD - [2012/05/06 20:36:06 | 000,256,529 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll MOD - [2012/05/06 20:36:06 | 000,194,434 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll MOD - [2012/05/06 20:36:06 | 000,184,224 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll MOD - [2012/05/06 20:36:06 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll MOD - [2012/05/06 20:36:06 | 000,121,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll MOD - [2012/05/06 20:36:06 | 000,096,443 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll MOD - [2012/05/06 20:36:06 | 000,092,138 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll MOD - [2012/05/06 20:36:06 | 000,088,548 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll MOD - [2012/05/06 20:36:06 | 000,079,775 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll MOD - [2012/05/06 20:36:06 | 000,073,584 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll MOD - [2012/05/06 20:36:06 | 000,063,229 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll MOD - [2012/05/06 20:36:06 | 000,045,348 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll MOD - [2012/05/06 20:36:06 | 000,039,509 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll MOD - [2012/05/06 20:36:06 | 000,023,390 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll MOD - [2012/05/06 20:36:06 | 000,022,335 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll MOD - [2012/05/06 20:36:06 | 000,019,854 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll MOD - [2012/05/06 20:36:06 | 000,019,058 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll MOD - [2012/05/06 20:36:06 | 000,018,502 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll MOD - [2012/05/06 20:36:06 | 000,017,519 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll MOD - [2012/05/06 20:36:06 | 000,014,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll MOD - [2012/05/06 20:36:06 | 000,014,905 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll MOD - [2012/05/06 20:36:06 | 000,014,619 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll MOD - [2012/05/06 20:36:06 | 000,013,528 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll MOD - [2012/05/06 20:36:06 | 000,012,665 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll MOD - [2012/05/06 20:36:06 | 000,012,177 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll MOD - [2012/05/06 20:36:06 | 000,011,669 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll MOD - [2012/05/06 20:36:06 | 000,011,163 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll MOD - [2012/05/06 20:36:06 | 000,010,860 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll MOD - [2012/05/06 20:36:06 | 000,010,624 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll MOD - [2012/05/06 20:36:06 | 000,010,232 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll MOD - [2012/05/06 20:36:06 | 000,010,203 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll MOD - [2012/05/06 20:36:06 | 000,010,075 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll MOD - [2012/05/06 20:36:06 | 000,010,026 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll MOD - [2012/05/06 20:36:06 | 000,009,126 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll MOD - [2012/05/06 20:36:06 | 000,008,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll MOD - [2012/05/06 20:36:06 | 000,007,899 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll MOD - [2012/05/06 20:36:06 | 000,007,511 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll MOD - [2012/05/06 20:36:06 | 000,007,162 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll MOD - [2012/05/06 20:36:04 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll MOD - [2012/05/06 20:36:04 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll MOD - [2012/05/06 20:35:14 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll MOD - [2012/05/06 20:35:12 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll MOD - [2012/05/06 20:35:12 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll MOD - [2012/05/06 20:35:12 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll MOD - [2012/05/06 20:35:08 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll MOD - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® SRV:64bit: - [2011/06/22 13:01:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV:64bit: - [2011/06/22 13:01:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/11/20 07:00:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/19 22:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost) SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/10/14 15:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2010/10/14 15:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan) SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/07 09:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw) SRV - [2010/01/07 09:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV) SRV - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe -- (NGSERVER) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/26 07:24:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler) DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2011/06/28 02:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL) DRV:64bit: - [2011/06/22 13:01:46 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2011/05/26 09:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/03 11:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/11/08 17:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/07/21 12:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp) DRV:64bit: - [2010/07/21 12:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV:64bit: - [2007/02/15 01:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd) DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter) DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.BC.COM;*BOISEINC.COM;*BOISEBUILDING.COM;*BOISEPAPER.COM;*BOISESPLOX.COM;*.DMSI.COM;jk*;*.imercer.com;<local>;*.ctcwaco.com;*.boiseaspen.com;*.boisecascadewellness.com;*polaris.com;*.boisehealthychoices.com;*.diverseearth.com;*.bctruck.com;*.boisetruck.com;*.hexacomb.*;*.falconboard.*;*.bcconnect.com IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = BO00SPARRAY.BC.COM:80 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "mail.yahoo.com" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/26 09:13:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 06:56:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}: C:\Users\jonathang\AppData\Local\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}\ [2012/10/29 08:06:35 | 000,000,000 | ---D | M] [2012/11/26 09:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathang\AppData\Roaming\mozilla\Extensions [2012/11/26 10:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/10/29 08:06:35 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JONATHANG\APPDATA\LOCAL\{99E47D2D-21E2-11E2-8271-B8AC6F996F26} [2012/11/19 22:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_15\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [Akamai NetSession Interface] C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [skyDrive] C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] C:\Users\jonathang\AppData\Roaming\taupse.dll () O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\RunOnce: [uninstall C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: dell.com ([www] http in Trusted sites) O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: tharco.com ([slzts] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.10 10.1.2.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bc.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2DD49A-9ABB-4D68-9FC0-2556BF2BB748}: DhcpNameServer = 10.1.1.10 10.1.2.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998E82DF-15CC-4522-AD6D-706472B56844}: DhcpNameServer = 10.1.1.10 10.1.2.10 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/03 07:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe [2012/11/30 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\TeamViewer [2012/11/30 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012/11/30 06:59:06 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\mbar [2012/11/29 13:48:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr [2012/11/26 13:14:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log [2012/11/26 13:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client [2012/11/26 13:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/11/26 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Trend Micro [2012/11/26 13:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/11/26 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Malwarebytes [2012/11/26 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/26 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/26 10:22:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/11/26 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/26 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Mozilla [2012/11/26 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/11/26 08:39:39 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data-1 [2012/11/26 07:25:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll [2012/11/26 07:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/11/26 07:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/11/26 07:25:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys [2012/11/26 07:25:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys [2012/11/26 07:25:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2012/11/26 07:25:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2012/11/26 07:25:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2012/11/26 07:25:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2012/11/26 07:25:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2012/11/26 07:25:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe [2012/11/26 07:25:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll [2012/11/26 07:25:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll [2012/11/26 07:25:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2012/11/26 07:25:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll [2012/11/26 07:25:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll [2012/11/26 07:25:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe [2012/11/26 07:25:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll [2012/11/26 07:25:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll [2012/11/26 07:25:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll [2012/11/26 07:25:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll [2012/11/26 07:25:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll [2012/11/26 07:25:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll [2012/11/26 07:25:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll [2012/11/26 07:25:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2012/11/26 07:17:28 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012/11/26 07:17:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2012/11/26 07:17:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll [2012/11/26 07:17:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll [2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Uckag [2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Suobuz [2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Pohiap [2012/11/21 08:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/11/20 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data [2012/11/20 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\9slf0ns3.default-1353453563337 [2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Yfseic [2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Evki [2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Akufi [2012/11/14 16:33:20 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys [2012/11/14 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable [2012/11/14 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable [2012/11/14 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client [2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Deployment [2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Apps [2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamTalk 4 [2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk [2012/11/14 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamTalk4 [2012/11/14 05:12:57 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012/11/14 05:12:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012/11/14 05:05:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/11/14 05:05:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/11/14 05:05:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/11/14 05:05:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/11/14 05:05:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/11/14 05:05:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/11/14 05:05:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/11/14 05:05:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/11/14 05:05:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/11/14 05:05:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/11/14 05:05:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/11/14 05:05:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/11/14 05:05:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/11/14 05:05:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/11/14 05:05:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/11/14 05:04:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012/11/14 05:03:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012/11/14 05:03:58 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012/11/14 05:03:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012/11/13 14:53:15 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012/11/13 14:53:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012/11/13 14:53:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2012/11/13 14:53:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012/11/13 14:53:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012/11/13 14:53:03 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012/11/13 14:53:03 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012/11/13 14:53:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012/11/13 14:53:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012/11/13 14:52:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012/11/13 14:52:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012/11/11 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series [2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities [2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2012/11/11 12:13:54 | 000,366,592 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNMNPPM.DLL [2012/11/11 12:13:54 | 000,359,936 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6PPM.DLL [2012/11/11 12:13:54 | 000,039,424 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6UI.DLL [2012/11/11 12:13:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING [2012/11/11 12:13:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012/11/11 12:13:19 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information [2012/11/11 12:13:14 | 001,324,544 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340C.dll [2012/11/11 12:13:14 | 000,346,624 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340L.dll [2012/11/11 12:13:14 | 000,307,200 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNC340L.dll [2012/11/11 12:13:14 | 000,109,568 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340I.dll [2012/11/11 12:13:14 | 000,102,400 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNC340U.dll [2012/11/11 12:13:14 | 000,017,920 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNHMCA6.dll [2012/11/11 12:13:14 | 000,015,872 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNHMCA.dll [2012/11/11 12:13:01 | 000,385,024 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMLMA5.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkSE.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkRU.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkPL.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkNL.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkID.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkGR.DLL [2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkFI.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTR.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTH.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkNO.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkKR.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkHU.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkDK.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkCZ.DLL [2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkAR.DLL [2012/11/11 12:12:52 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTW.DLL [2012/11/11 12:12:52 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkCN.DLL [2012/11/11 12:12:51 | 000,343,552 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCF2Lk.DLL [2012/11/11 12:12:51 | 000,182,272 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFMSk.EXE [2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkUS.DLL [2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkPT.DLL [2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkIT.DLL [2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkFR.DLL [2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkES.DLL [2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkDE.DLL [2012/11/11 12:12:51 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkJP.DLL [2012/11/11 12:12:48 | 000,245,760 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMIUA5.DLL [2012/11/11 12:12:48 | 000,103,424 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNC340O.dll [2012/11/11 12:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2012/10/29 08:05:41 | 000,166,400 | ---- | C] (PixArt Imaging Incorporation) -- C:\Users\jonathang\AppData\Roaming\apstcs.dll ========== Files - Modified Within 30 Days ========== [2012/12/03 07:11:10 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx [2012/12/03 07:08:40 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/03 07:08:40 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe [2012/12/03 07:06:38 | 000,741,200 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/12/03 07:06:38 | 000,636,792 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/12/03 07:06:38 | 000,110,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/12/03 07:02:36 | 000,027,913 | ---- | M] () -- C:\windows\cfgall.ini [2012/12/03 07:00:19 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/03 06:59:57 | 000,436,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/12/03 06:59:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/03 06:59:29 | 3127,652,352 | -HS- | M] () -- C:\hiberfil.sys [2012/11/30 15:57:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/30 15:46:28 | 000,002,226 | -H-- | M] () -- C:\Users\jonathang\Documents\Default.rdp [2012/11/30 15:28:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/11/30 08:59:41 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2012/11/30 06:54:56 | 000,008,002 | RHS- | M] () -- C:\Users\jonathang\ntuser.pol [2012/11/29 13:48:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr [2012/11/28 15:57:39 | 000,000,412 | ---- | M] () -- C:\Users\jonathang\Documents\spider.sav [2012/11/28 12:43:45 | 000,001,445 | ---- | M] () -- C:\Users\jonathang\Desktop\Phone Book.lnk [2012/11/26 13:13:19 | 000,002,920 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012/11/26 10:23:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/26 09:13:27 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/21 07:57:59 | 000,001,279 | ---- | M] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk [2012/11/21 07:21:14 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook 2010.lnk [2012/11/20 07:00:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/11/20 07:00:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/11/19 07:12:25 | 000,001,239 | ---- | M] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk [2012/11/19 07:12:05 | 000,001,015 | ---- | M] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk [2012/11/19 07:11:37 | 000,000,355 | ---- | M] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys [2012/11/14 13:13:35 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\TeamTalk.lnk ========== Files Created - No Company Name ========== [2012/11/30 08:59:41 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012/11/30 08:59:41 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2012/11/30 07:52:34 | 000,006,463 | ---- | C] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx [2012/11/27 08:58:56 | 000,001,445 | ---- | C] () -- C:\Users\jonathang\Desktop\Phone Book.lnk [2012/11/26 13:16:16 | 000,027,913 | ---- | C] () -- C:\windows\cfgall.ini [2012/11/26 13:13:18 | 000,002,920 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012/11/26 10:22:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/26 09:13:27 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/11/26 09:13:27 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/21 07:57:59 | 000,001,279 | ---- | C] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk [2012/11/19 07:12:25 | 000,001,239 | ---- | C] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk [2012/11/19 07:12:05 | 000,001,015 | ---- | C] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk [2012/11/19 07:11:37 | 000,000,355 | ---- | C] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk [2012/11/14 13:13:35 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\TeamTalk.lnk [2012/11/14 05:13:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/14 05:03:58 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysWow64\CNC1741D.TBL [2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysNative\CNC1741D.TBL [2012/11/02 06:57:22 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\wsabrt.dll [2012/11/02 06:54:59 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\pobnet.dll [2012/11/02 06:53:33 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\vcatm.dll [2012/10/29 08:06:31 | 000,466,432 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll [2012/10/11 10:54:21 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll [2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012/09/27 13:13:31 | 000,000,245 | ---- | C] () -- C:\windows\ODBCINST.INI [2012/09/10 09:53:23 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\h5menu32.dll [2012/09/10 09:53:23 | 000,095,744 | ---- | C] () -- C:\windows\SysWow64\h5rtf32.dll [2012/09/10 09:53:23 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\h5tool32.dll [2012/09/10 09:53:22 | 001,064,960 | ---- | C] () -- C:\windows\SysWow64\h5krnl32.dll [2012/09/10 09:53:22 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\h5icon32.dll [2012/05/30 09:14:40 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\instsrv.exe [2012/05/30 09:14:40 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe [2012/05/07 12:54:51 | 000,011,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/05/07 12:13:44 | 000,001,198 | ---- | C] () -- C:\windows\SAPLOGON.INI [2012/05/07 12:13:44 | 000,000,106 | ---- | C] () -- C:\windows\saproute.ini [2012/05/07 12:13:44 | 000,000,059 | ---- | C] () -- C:\windows\sapini.dat [2012/05/07 12:13:44 | 000,000,030 | ---- | C] () -- C:\windows\SAPMSG.INI [2012/05/07 12:07:51 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\vtssm32.dll [2012/05/07 11:42:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2012/05/07 10:39:25 | 000,008,002 | RHS- | C] () -- C:\Users\jonathang\ntuser.pol [2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  10. Here is the system log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 4170203136, free: 2512916480 ------------ Kernel report ------------ 11/30/2012 07:10:49 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\iaStorV.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\stdcfltn.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\DRIVERS\dwvkbd64.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vpcnfltr.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\tmlwf.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\vpcvmm.sys \SystemRoot\system32\DRIVERS\tmtdi.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\e1c62x64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETwNs64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\o2sdjw7x64.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\O2MDFw7x64.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\Apfiltr.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\accelern.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\vrtaucbl.sys \SystemRoot\system32\DRIVERS\portcls.sys \SystemRoot\system32\DRIVERS\drmk.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\vpcusb.sys \SystemRoot\system32\DRIVERS\usbrpm.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\vpchbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\cvusbdrv.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\drivers\LVUSBS64.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\drivers\luafv.sys \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\DRIVERS\scfilter.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\tmwfp.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\clbcatq.dll \Windows\System32\msctf.dll \Windows\System32\usp10.dll \Windows\System32\iertutil.dll \Windows\System32\comdlg32.dll \Windows\System32\wininet.dll \Windows\System32\nsi.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\kernel32.dll \Windows\System32\imm32.dll \Windows\System32\msvcrt.dll \Windows\System32\advapi32.dll \Windows\System32\ws2_32.dll \Windows\System32\Wldap32.dll \Windows\System32\setupapi.dll \Windows\System32\oleaut32.dll \Windows\System32\rpcrt4.dll \Windows\System32\urlmon.dll \Windows\System32\gdi32.dll \Windows\System32\user32.dll \Windows\System32\normaliz.dll \Windows\System32\imagehlp.dll \Windows\System32\psapi.dll \Windows\System32\sechost.dll \Windows\System32\lpk.dll \Windows\System32\difxapi.dll \Windows\System32\shell32.dll \Windows\System32\comctl32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\KernelBase.dll \Windows\System32\devobj.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80062f9060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa80050a1050 Lower Device Driver Name: \Driver\iaStor\ Driver name found: iaStor DriverEntry returned 0x0 Function returned 0x0 Downloaded database version: v2012.11.30.07 Downloaded database version: v2012.11.29.01 Initializing... Done! Scanning directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80062f9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800618bbf0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\ DevicePointer: 0xfffffa800509e8f0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80050a1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Upper DeviceData: 0xfffff8a00c26bb10, 0xfffffa80062f9060, 0xfffffa8004738530 Lower DeviceData: 0xfffff8a00d464a70, 0xfffffa80050a1050, 0xfffffa80046b1090 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B0ED0D35 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 206848 Numsec = 624932864 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Performing system, memory and registry scan... Infected: C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx --> [Trojan.Agent] Infected: C:\Users\jonathang\AppData\Local\chromeupdate.crx --> [Trojan.Agent] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occured ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 4170203136, free: 2641285120 Here is the mbar-log-2012-11-30 Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.30.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 E127811 :: SZMISLAPTOP [administrator] 11/30/2012 7:26:00 AM mbar-log-2012-11-30 (07-26-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 28447 Time elapsed: 14 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Delete on reboot. [1658dae3421b1a1c749ba20b1be8fe02] C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Delete on reboot. [6e00b70687d665d1ba561e8f6d967888] (end)
  11. I ran into an issue with firefox acting up recently. This led me to finding an extension that I didn't add, which would come back after a full uninstall/reinstall of firefox, which someone identified as malware. I did manage to remove this extension, and it hasn't come back. I'm unsure if this is connected to the current issue or not, but it led me to running a malwarebytes scan and keeping a closer eye on things. I updated and ran malwarebytes, and it found things it identified as trojans, 4 of them. I removed them, and it rebooted. The next day, I ran another scan, figuring I'll run daily scans for now until I'm sure things are cool. It found 2. I removed them. Ran it again, found the same 2 again. Here's the log I get: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.29.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 E127811 :: SZMISLAPTOP [administrator] 11/29/2012 8:51:10 AM mbam-log-2012-11-29 (09-55-14).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 412315 Time elapsed: 57 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> No action taken. C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> No action taken. (end) Now, I've actually browsed out to the appdata path and deleted that chromeupdate.crx file myself, and seen it gone, and then ran another malwarebytes scan, and it shows up again. The local settings\application data path, however, I can't even get to. I have my computer set to show hidden folder, yet there is no local settings folder visible in my jonathang folder, and if I try to enter the path in the address field it tells me that access is denied, despite the fact I'm an administrator on this computer. Not sure why malwarebytes isn't removing what it is finding, but I need some help here. I've also run the dds script, and attached are the logs. attach.txt dds.txt
  12. I ran into an issue with firefox acting up recently. This led me to finding an extension that I didn't add, which would come back after a full uninstall/reinstall of firefox, which someone identified as malware. I did manage to remove this extension, and it hasn't come back. I'm unsure if this is connected to the current issue or not, but it led me to running a malwarebytes scan and keeping a closer eye on things. I updated and ran malwarebytes, and it found things it identified as trojans, 4 of them. I removed them, and it rebooted. The next day, I ran another scan, figuring I'll run daily scans for now until I'm sure things are cool. It found 2. I removed them. Ran it again, found the same 2 again. Here's the log I get: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.29.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 E127811 :: SZMISLAPTOP [administrator] 11/29/2012 8:51:10 AM mbam-log-2012-11-29 (09-55-14).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 412315 Time elapsed: 57 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> No action taken. C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> No action taken. (end) Now, I've actually browsed out to the appdata path and deleted that chromeupdate.crx file myself, and seen it gone, and then ran another malwarebytes scan, and it shows up again. The local settings\application data path, however, I can't even get to. I have my computer set to show hidden folder, yet there is no local settings folder visible in my jonathang folder, and if I try to enter the path in the address field it tells me that access is denied, despite the fact I'm an administrator on this computer. Not sure why malwarebytes isn't removing what it is finding, but I need some help here.
  13. I got the impression they are since they are asking for an order reference number.
  14. But that's a pay service. That's not going to help me in this case. If I can't get help resolving this issue, then at least hide this thread from view until I can come back here with a resolution. There's nothing I hate more than finding a forum thread with my problem, only to find it end without a solution, and I don't want to cause that frustration for others.
  15. Ok. Only 2 new lines this time. [\\SLZTS4] 00000001 0.00000000 [5720] SNACNP::NPGetCaps::WNNC_NET_TYPE 00000002 0.00010929 [5720] SNACNP::NPGetCaps::WNNC_USER 00000003 0.00021536 [5720] SNACNP::NPGetCaps::WNNC_CONNECTION 00000004 0.00032298 [5720] SNACNP::NPGetCaps::WNNC_ENUMERATION 00000005 0.00042906 [5720] SNACNP::NPGetCaps::WNNC_ADMIN 00000006 0.00053504 [5720] SNACNP::NPGetCaps::WNNC_DIALOG 00000007 212.33447266 [928] LUMan: Client has a LU schedule 00000008 212.33505249 [928] LUMan: Client has a LU schedule
  16. I did as instructed again, and here is how it happened: I do the save as, the log window stays blank. I go to run the malwarebytes program through the start menu, the first 6 lines of the log are created. I wait a while for the program to actually open. This is a long wait. This time I decided to open the task manager to watch the mbam.exe process. It is sitting there, the amount of memory it is using continues to grow. It got past 900,000 k before it failed. I then get the error message. I click ok. Error message goes away, that's that. I close the debug tool, this time my log file is smaller than the last. Only those 6 lines. [\\SLZTS4] 00000001 0.00000000 [4408] SNACNP::NPGetCaps::WNNC_NET_TYPE 00000002 0.00010162 [4408] SNACNP::NPGetCaps::WNNC_USER 00000003 0.00020087 [4408] SNACNP::NPGetCaps::WNNC_CONNECTION 00000004 0.00029937 [4408] SNACNP::NPGetCaps::WNNC_ENUMERATION 00000005 0.00039789 [4408] SNACNP::NPGetCaps::WNNC_ADMIN 00000006 0.00049620 [4408] SNACNP::NPGetCaps::WNNC_DIALOG I am doing as you ask, and this is the log you get from the process you instructed me to do. To further troubleshoot and help you, so that I can try to give you more to go on, I'm going to delete rules.ref, and repeat the procedure. It finds the database isn't there and tries to download a new one. It downloads, 6.99 MB Nothing shows up in the log through all of this. Then it downloads 9.40 MB In installs the latest version. Was there a recent update? I could have sworn I installed the latest version a few days ago when I did an uninstall, clean, and reinstall. After the install, those same 6 log lines appear again. Stuck again, black rectangle in the middle of the screen. This time, there are 3 processes running in the task manager, mbam.exe, mbam-setup.exe, and mbam-setup.tmp. But there isn't a steady growth of memory use for any of them. Still waiting... Holy crap, woot bag of crap is up (not related to case) Can't get buy page for the crap to load (still not related to case) Memory is starting to grow for the mbam.exe process, up to 400,000 K. Memory got over 950,000 K, suddenly drops. Idling at 82,020 K. At some point while the memory was growing, the same 6 lines were logged again, so 12 lines of log now. Oh, there it is....error message shows up again, under the log program. Same error as always. I click ok, the setup in the task bar goes away, all is closed. Log once again is: [\\SLZTS4] 00000001 0.00000000 [5100] SNACNP::NPGetCaps::WNNC_NET_TYPE 00000002 0.00009991 [5100] SNACNP::NPGetCaps::WNNC_USER 00000003 0.00020006 [5100] SNACNP::NPGetCaps::WNNC_CONNECTION 00000004 0.00029933 [5100] SNACNP::NPGetCaps::WNNC_ENUMERATION 00000005 0.00039865 [5100] SNACNP::NPGetCaps::WNNC_ADMIN 00000006 0.00049789 [5100] SNACNP::NPGetCaps::WNNC_DIALOG 00000007 506.15301514 [3128] SNACNP::NPGetCaps::WNNC_NET_TYPE 00000008 506.15313721 [3128] SNACNP::NPGetCaps::WNNC_USER 00000009 506.15322876 [3128] SNACNP::NPGetCaps::WNNC_CONNECTION 00000010 506.15328979 [3128] SNACNP::NPGetCaps::WNNC_ENUMERATION 00000011 506.15341187 [3128] SNACNP::NPGetCaps::WNNC_ADMIN 00000012 506.15350342 [3128] SNACNP::NPGetCaps::WNNC_DIALOG 00000013 740.25268555 [5620] SNACNP::NPGetCaps::WNNC_NET_TYPE 00000014 740.25280762 [5620] SNACNP::NPGetCaps::WNNC_USER 00000015 740.25286865 [5620] SNACNP::NPGetCaps::WNNC_CONNECTION 00000016 740.25292969 [5620] SNACNP::NPGetCaps::WNNC_ENUMERATION 00000017 740.25305176 [5620] SNACNP::NPGetCaps::WNNC_ADMIN 00000018 740.25311279 [5620] SNACNP::NPGetCaps::WNNC_DIALOG Sorry I can't provide you with a more useful log, but hopefully with this info we can determine what to do next to continue troubleshooting.
  17. I suppose it would help if after browsing for the file, I actually clicked the attach this file button.MBAM Debug.zip
  18. I'm not asking as a business, I'm asking as a user.
  19. I have a server with windows server 2003 that had some folders set to invisible mode, something I've noticed malwares doing recently. So I decided to run a malwarebytes scan. But I absolutely cannot get Malwarebytes to run at all. The error I consistently get is: An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_LOAD_DATABASE (8, 8, CreateSKD) Not enough storage is available to process this command. Here's what I've done. I've run a Symantec antivirus scan, nothing turned up. I've uninstalled and reinstalled, it fails when doing a definitions update. I've deleted the rules.ref file, it tries to update, and fails. I've tried copying an updated rules.ref from another server, I still get the same error. How do I resolve this issue?
  20. This doesn't work, I copied the file, but it still says the database is old.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.