Posts posted by Gators
-
Ran another scan, and it's clean now.
-
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.13.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
E127811 :: SZMISLAPTOP [administrator]
12/13/2012 9:09:19 AM
mbam-log-2012-12-13 (09-09-19).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409470
Time elapsed: 58 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
-
Here's the log
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Run\\taupse deleted successfully.
========== FILES ==========
File\Folder C:\Users\jonathang\AppData\Roaming\taupse.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jonathang\Desktop\cmd.bat deleted successfully.
C:\Users\jonathang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: jonathang
->Temp folder emptied: 5322456 bytes
->Temporary Internet Files folder emptied: 13195309 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 247550183 bytes
->Flash cache emptied: 5888 bytes
User: Public
User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: user.szmislaptop
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: v00sb2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10510282 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 264.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12122012_073356
Files\Folders moved on Reboot...
C:\Users\jonathang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\asat0000.tmp scheduled to be moved on reboot.
File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
It gets stuck in safe mode as well. It gets stuck saying Processing PRC - File not found --
-
I am unable to get this fix to run; OTL keeps freezing when I run that fix.
-
OTL won't give me an extras file anymore. I've followed the instructions exactly as listed above and tried several times, but no extras at all, only the OTL log. Not sure what changed.
OTL logfile created on: 12/6/2012 7:08:44 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.88 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.77% Memory free
7.77 Gb Paging File | 5.94 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 210.28 Gb Free Space | 70.57% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS
Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2012/12/05 07:10:43 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe
PRC - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/20 07:00:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/11/17 06:10:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/12/09 09:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/08/23 06:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE
PRC - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe
PRC - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe
PRC - [2009/12/24 20:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 18:18:46 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe
PRC - [2009/04/02 15:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008/08/16 16:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
========== Modules (No Company Name) ==========
MOD - [2012/12/05 07:10:43 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/20 07:00:29 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/11/14 07:00:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll
MOD - [2012/11/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll
MOD - [2012/11/14 06:33:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 06:32:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/14 06:32:42 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/14 06:32:32 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/14 06:32:29 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/14 06:32:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/14 06:32:25 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/14 06:32:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
========== Services (SafeList) ==========
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2011/06/22 13:01:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/06/22 13:01:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/05 07:10:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/20 07:00:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/14 15:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/10/14 15:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan)
SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/07 09:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 09:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV)
SRV - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe -- (NGSERVER)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 07:24:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/28 02:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011/06/22 13:01:46 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/05/26 09:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/03 11:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/08 17:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/07/21 12:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/07/21 12:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007/02/15 01:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.BC.COM;*BOISEINC.COM;*BOISEBUILDING.COM;*BOISEPAPER.COM;*BOISESPLOX.COM;*.DMSI.COM;jk*;*.imercer.com;<local>;*.ctcwaco.com;*.boiseaspen.com;*.boisecascadewellness.com;*polaris.com;*.boisehealthychoices.com;*.diverseearth.com;*.bctruck.com;*.boisetruck.com;*.hexacomb.*;*.falconboard.*;*.bcconnect.com
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = BO00SPARRAY.BC.COM:80
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "mail.yahoo.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 07:10:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}: C:\Users\jonathang\AppData\Local\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}\ [2012/10/29 08:06:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 07:10:39 | 000,000,000 | ---D | M]
[2012/11/26 09:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathang\AppData\Roaming\mozilla\Extensions
[2012/12/05 07:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 07:10:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_15\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [Akamai NetSession Interface] C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [skyDrive] C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] "C:\Windows\System32\rundll32.exe" "C:\Users\jonathang\AppData\Roaming\taupse.dll",AsString File not found
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\RunOnce: [uninstall C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: dell.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: tharco.com ([slzts] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.10 10.1.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2DD49A-9ABB-4D68-9FC0-2556BF2BB748}: DhcpNameServer = 10.1.1.10 10.1.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998E82DF-15CC-4522-AD6D-706472B56844}: DhcpNameServer = 10.1.1.10 10.1.2.10
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/05 13:35:12 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ja
[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\tr
[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\nl
[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\hu
[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\es
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\zh-CHT
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\zh-CHS
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\sv
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ru
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pl
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ko
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\it
[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\fr
[2012/12/05 13:35:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\de
[2012/12/05 13:35:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\cs
[2012/12/05 13:35:07 | 000,000,000 | ---D | C] -- C:\windows\ADAM
[2012/12/05 07:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/04 07:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/03 08:16:37 | 000,000,000 | ---D | C] -- C:\mame
[2012/12/03 07:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe
[2012/11/30 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\TeamViewer
[2012/11/30 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/11/30 06:59:06 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\mbar
[2012/11/29 13:48:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr
[2012/11/26 13:14:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log
[2012/11/26 13:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client
[2012/11/26 13:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/11/26 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Trend Micro
[2012/11/26 13:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/26 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Malwarebytes
[2012/11/26 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/26 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/26 10:22:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/26 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/26 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Mozilla
[2012/11/26 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/26 08:39:39 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data-1
[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/20 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data
[2012/11/20 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\9slf0ns3.default-1353453563337
[2012/11/14 16:33:20 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys
[2012/11/14 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
[2012/11/14 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2012/11/14 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client
[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Deployment
[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Apps
[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamTalk 4
[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk
[2012/11/14 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamTalk4
[2012/11/11 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series
[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/11/11 12:13:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING
[2012/11/11 12:13:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/11/11 12:13:19 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/11/11 12:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
========== Files - Modified Within 30 Days ==========
[2012/12/06 07:00:29 | 000,741,200 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/06 07:00:29 | 000,636,792 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/06 07:00:29 | 000,110,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/06 07:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 07:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 06:57:02 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 06:54:08 | 000,027,913 | ---- | M] () -- C:\windows\cfgall.ini
[2012/12/06 06:52:57 | 000,008,002 | RHS- | M] () -- C:\Users\jonathang\ntuser.pol
[2012/12/06 06:52:47 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 06:52:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/06 06:52:28 | 3127,652,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/05 15:54:51 | 000,002,220 | -H-- | M] () -- C:\Users\jonathang\Documents\Default.rdp
[2012/12/05 15:28:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/05 13:35:03 | 000,000,435 | ---- | M] () -- C:\windows\SysNative\dsac.exe.config
[2012/12/05 12:11:13 | 000,002,035 | ---- | M] () -- C:\Users\jonathang\Desktop\Documents.lnk
[2012/12/05 12:11:13 | 000,001,445 | ---- | M] () -- C:\Users\jonathang\Desktop\Phone Book.lnk
[2012/12/05 12:10:58 | 000,048,632 | ---- | M] () -- C:\Users\jonathang\Desktop\Pancake-bunnyfirst.jpg
[2012/12/05 10:47:12 | 000,002,172 | ---- | M] () -- C:\Users\jonathang\Desktop\foreman's office.udf
[2012/12/05 10:46:12 | 000,007,571 | ---- | M] () -- C:\Users\jonathang\Desktop\file room.udf
[2012/12/05 10:29:07 | 000,025,743 | ---- | M] () -- C:\Users\jonathang\Desktop\bookmarks-2012-12-05.json
[2012/12/04 07:15:59 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx
[2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe
[2012/12/03 06:59:57 | 000,436,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/30 08:59:41 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/11/29 13:48:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr
[2012/11/28 15:57:39 | 000,000,412 | ---- | M] () -- C:\Users\jonathang\Documents\spider.sav
[2012/11/26 13:13:19 | 000,002,920 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/11/26 10:23:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 09:13:27 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/21 07:57:59 | 000,001,279 | ---- | M] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk
[2012/11/21 07:21:14 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook 2010.lnk
[2012/11/19 07:12:25 | 000,001,239 | ---- | M] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk
[2012/11/19 07:12:05 | 000,001,015 | ---- | M] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk
[2012/11/19 07:11:37 | 000,000,355 | ---- | M] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk
[2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys
[2012/11/14 13:13:35 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\TeamTalk.lnk
========== Files Created - No Company Name ==========
[2012/12/05 13:35:07 | 000,000,435 | ---- | C] () -- C:\windows\SysNative\dsac.exe.config
[2012/12/05 13:20:33 | 251,170,997 | ---- | C] () -- C:\Users\jonathang\Desktop\Windows6.1-KB958830-x64-RefreshPkg.msu
[2012/12/05 12:10:57 | 000,048,632 | ---- | C] () -- C:\Users\jonathang\Desktop\Pancake-bunnyfirst.jpg
[2012/12/05 10:47:12 | 000,002,172 | ---- | C] () -- C:\Users\jonathang\Desktop\foreman's office.udf
[2012/12/05 10:46:11 | 000,007,571 | ---- | C] () -- C:\Users\jonathang\Desktop\file room.udf
[2012/12/05 10:29:07 | 000,025,743 | ---- | C] () -- C:\Users\jonathang\Desktop\bookmarks-2012-12-05.json
[2012/12/04 07:15:59 | 000,006,463 | ---- | C] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx
[2012/11/30 08:59:41 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/11/30 08:59:41 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/11/27 08:58:56 | 000,001,445 | ---- | C] () -- C:\Users\jonathang\Desktop\Phone Book.lnk
[2012/11/26 13:16:16 | 000,027,913 | ---- | C] () -- C:\windows\cfgall.ini
[2012/11/26 13:13:18 | 000,002,920 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/11/26 10:22:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 09:13:27 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/26 09:13:27 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/21 07:57:59 | 000,001,279 | ---- | C] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk
[2012/11/19 07:12:25 | 000,001,239 | ---- | C] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk
[2012/11/19 07:12:05 | 000,001,015 | ---- | C] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk
[2012/11/19 07:11:37 | 000,000,355 | ---- | C] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk
[2012/11/14 13:13:35 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\TeamTalk.lnk
[2012/11/14 05:13:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 05:03:58 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysWow64\CNC1741D.TBL
[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysNative\CNC1741D.TBL
[2012/10/11 10:54:21 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/09/27 13:13:31 | 000,000,245 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/09/10 09:53:23 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\h5menu32.dll
[2012/09/10 09:53:23 | 000,095,744 | ---- | C] () -- C:\windows\SysWow64\h5rtf32.dll
[2012/09/10 09:53:23 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\h5tool32.dll
[2012/09/10 09:53:22 | 001,064,960 | ---- | C] () -- C:\windows\SysWow64\h5krnl32.dll
[2012/09/10 09:53:22 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\h5icon32.dll
[2012/05/30 09:14:40 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\instsrv.exe
[2012/05/30 09:14:40 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe
[2012/05/07 12:54:51 | 000,011,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/07 12:13:44 | 000,001,198 | ---- | C] () -- C:\windows\SAPLOGON.INI
[2012/05/07 12:13:44 | 000,000,106 | ---- | C] () -- C:\windows\saproute.ini
[2012/05/07 12:13:44 | 000,000,059 | ---- | C] () -- C:\windows\sapini.dat
[2012/05/07 12:13:44 | 000,000,030 | ---- | C] () -- C:\windows\SAPMSG.INI
[2012/05/07 12:07:51 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\vtssm32.dll
[2012/05/07 11:42:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/05/07 10:39:25 | 000,008,002 | RHS- | C] () -- C:\Users\jonathang\ntuser.pol
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/05 15:53:31 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\.purple
[2012/11/14 13:13:35 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk
[2012/10/01 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DAEMON Tools Lite
[2012/06/02 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DameWare Development
[2012/06/02 21:58:36 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DWMRCMSI
[2012/10/31 13:52:18 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\gtk-2.0
[2012/07/26 06:24:16 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ICAClient
[2012/07/27 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ImgBurn
[2012/08/29 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\PrimoPDF
[2012/12/05 07:28:41 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\SAP
[2012/09/06 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ScanSoft
[2012/12/05 08:15:19 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ShoreWare Client
[2012/12/03 07:01:48 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\TeamViewer
[2012/09/09 09:35:46 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\WebcamMax
[2012/07/26 07:29:33 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\wootalyzer
========== Purity Check ==========
< End of report >
-
Well, it let me paste the image of the error, but apparently it won't actually post that. OK, got this error on the reboot: There was an error starting C:\Users\jonathang\AppData\Roaming\taupse.dll. The specified module could not be found.
-
On reboot, this error came up:
-
Here is the log
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Run\\taupse deleted successfully.
C:\Users\jonathang\AppData\Roaming\taupse.dll moved successfully.
C:\Users\jonathang\AppData\Roaming\Uckag folder moved successfully.
C:\Users\jonathang\AppData\Roaming\Suobuz folder moved successfully.
C:\Users\jonathang\AppData\Roaming\Pohiap folder moved successfully.
C:\Users\jonathang\AppData\Roaming\Yfseic folder moved successfully.
C:\Users\jonathang\AppData\Roaming\Evki folder moved successfully.
C:\Users\jonathang\AppData\Roaming\Akufi folder moved successfully.
C:\Users\jonathang\AppData\Roaming\apstcs.dll moved successfully.
C:\Users\jonathang\AppData\Local\chromeupdate.crx moved successfully.
C:\Users\jonathang\AppData\Roaming\wsabrt.dll moved successfully.
C:\Users\jonathang\AppData\Roaming\pobnet.dll moved successfully.
C:\Users\jonathang\AppData\Roaming\vcatm.dll moved successfully.
File C:\Users\jonathang\AppData\Roaming\taupse.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jonathang\Desktop\cmd.bat deleted successfully.
C:\Users\jonathang\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: jonathang
->Temp folder emptied: 419561577 bytes
->Temporary Internet Files folder emptied: 151504809 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 362726893 bytes
->Flash cache emptied: 22080 bytes
User: Public
User: user
->Temp folder emptied: 32799 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: user.szmislaptop
->Temp folder emptied: 33737 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: v00sb2
->Temp folder emptied: 3483136 bytes
->Temporary Internet Files folder emptied: 7924204 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 245887426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72702 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,136.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 12042012_071307
Files\Folders moved on Reboot...
C:\Users\jonathang\AppData\Local\Temp\ExchangePerflog_8484fa31604fd3c3cfcccd43.dat moved successfully.
C:\Users\jonathang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33447FC6-FE77-4A86-AFF8-B2307EF6BE32}.tmp not found!
File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5AAD09F4-3B05-41A7-8480-69C3D2178824}.tmp not found!
File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6ECE1367-A0E5-434D-93A2-9A89F34658BB}.tmp not found!
File move failed. C:\windows\temp\asat0000.tmp scheduled to be moved on reboot.
File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Here's the Extras.txt
OTL Extras logfile created on: 12/3/2012 7:09:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.88 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.61% Memory free
7.77 Gb Paging File | 6.21 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 210.03 Gb Free Space | 70.48% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS
Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)
"C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D418077-C996-43F3-BB11-C9ECB7F200C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{1055FF3C-2179-4901-A99C-D27A0D966840}" = rport=445 | protocol=6 | dir=out | app=system |
"{476D3B14-A957-4E48-A03B-FBB813159BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48CA2469-CA2F-4027-8B5D-B32015FB451B}" = rport=138 | protocol=17 | dir=out | app=system |
"{4CDE4D31-79D0-49E9-BCC6-FDE84AB4954F}" = lport=60303 | protocol=6 | dir=in | name=trend micro officescan listener |
"{64333325-06C7-4AF2-8E86-FF87C7B48489}" = lport=138 | protocol=17 | dir=in | app=system |
"{65BA2E7F-7332-46CB-8D59-0513359122AC}" = rport=137 | protocol=17 | dir=out | app=system |
"{6E1EFA56-AF29-41A8-A9BD-D4AC6EE87517}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7BFB6816-C3B6-4529-AEBD-FE769BA9D48A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C6CD7FD-4A07-4A38-9820-11354D66C799}" = lport=60303 | protocol=6 | dir=in | name=trend micro officescan listener |
"{8C00E67E-B42B-47F6-8FDC-EDF95B62B143}" = lport=139 | protocol=6 | dir=in | app=system |
"{DDFF753A-F282-40A6-98CF-5DF533D583EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE9B524D-0C05-4106-9375-6AD78C359E1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F990E784-71AB-407B-A09B-A0AEB62A954C}" = rport=139 | protocol=6 | dir=out | app=system |
"{FAEE3762-368E-4529-B886-4A623576F6F6}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED330EF-CD87-4D1A-AB9A-8C23C6529A6C}" = dir=in | app=c:\users\jonathang\appdata\local\microsoft\skydrive\skydrive.exe |
"{1358487E-6EFE-4D32-9591-06A0501AD3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{16D21015-0913-427D-9A52-B0A870DA5F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2BA733A7-D3DB-4100-B75E-F926F852EF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |
"{44FBE3C6-0C03-4F13-802B-6E0A0C72D3BE}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |
"{5F02085B-4DEA-427F-A922-84B101EEC7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{5F5DDB47-F502-4C07-8401-96F515569CE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{64632FFB-9820-44BC-AA09-8CF0C2C898AC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{6D32AA97-DF97-4DC3-AC11-078A3C9F24F0}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ghostsrv.exe |
"{6F3E74C0-D56A-4F2D-95BA-2EA12FA32385}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |
"{796DC5B6-3723-4AC2-A37B-B797E49EBED4}" = protocol=17 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe |
"{82F0B269-FD0C-4627-8802-835A3BE178E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9E6A791C-2374-4FF3-860E-3D5D530DD568}" = protocol=6 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe |
"{ACD709AB-0EB4-4C13-8C26-911658A35A3E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B1AC695A-DC72-4FDE-B7F9-B11E8CEBE2FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\dwrcs.exe |
"{B8807862-9DBA-462A-BE52-EFEEFCD2E925}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA10D1B5-9C1E-4D05-82BC-011EA055B3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |
"{BAE00A80-5FCF-4EB1-BFDF-F9D9A87D1FE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF36351A-09AE-4CA7-A175-DCA62289A897}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D29BA67F-6AF8-49AB-A796-A19DECE2EBBD}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ghostsrv.exe |
"{D42A13CE-8EBD-490F-8D8C-64B4EFC51B34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E307D3A6-8483-4F49-8A51-FF979828573A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"TCP Query User{0F29C952-5A8A-482B-A09B-E4334CEA143D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{28FB4876-3318-4C2C-8972-3C5C08B9E794}C:\program files (x86)\sap\frontend\sapgui\saplgpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sap\frontend\sapgui\saplgpad.exe |
"UDP Query User{121CB841-89B2-4EA4-A967-7B994EBAAD3D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{5DB45AE7-A84E-4245-826B-0C43E0648D49}C:\program files (x86)\sap\frontend\sapgui\saplgpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sap\frontend\sapgui\saplgpad.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel® PROSet/Wireless WiFi Software
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE16E275-3784-461D-9BA0-7310C8826050}" = Dell ControlVault Host Components Installer 64 bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 16.5.2.0
"TeamTalk4_is1" = TeamTalk 4
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{1611A5CF-50B8-4669-98BF-087A28A8CB49}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{30ECE66A-C503-4E88-9E3D-4962F568C05E}" = IXOS-eCON Clients Languages
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CAFC761-61D3-4C6E-98BE-AFA292050EF4}" = DameWare Mini Remote Control
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{59F1FCCB-1523-423E-9ECE-4DAC8F329007}" = ShoreTel Communicator
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A172C9C8-1C70-11D6-A246-0001020BC164}" = IXOS-eCON Clients
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{BE8585BF-DC7A-4AE0-0A2E-000007493152}" = Symantec Ghost Console and Standard Tools
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update
"{E518C80C-C549-40E1-844C-669ED64195D3}" = FTP Surfer
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArtiosCAD Viewer" = ArtiosCAD Viewer
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"DAEMON Tools Lite" = DAEMON Tools Lite
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"ImgBurn" = ImgBurn
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"mIRC" = mIRC
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.STANDARD" = Microsoft Office Standard 2010
"Pidgin" = Pidgin
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Revo Uninstaller" = Revo Uninstaller 1.94
"SAPGUI710" = SAP GUI for Windows 7.20
"SystemTools DumpSec" = SystemTools DumpSec
"TeamViewer 8" = TeamViewer 8
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"VLC media player" = VLC media player 2.0.3
"WebcamMax" = WebcamMax
"Winamp" = Winamp
"Wootalyzer" = Wootalyzer!
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"07c83f7d54f0ed58" = Client
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Akamai" = Akamai NetSession Interface
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/20/2012 7:31:41 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 16.0.2.4680 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1078 Start
Time: 01cdc776fd22b5d5 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 6c0c955f-336a-11e2-833b-9cb70deb5e99
Error - 11/20/2012 7:32:00 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 16.0.2.4680 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b7c Start
Time: 01cdc77732acae0b Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 78600dd1-336a-11e2-833b-9cb70deb5e99
Error - 11/20/2012 7:40:47 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 16.0.2.4680 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2f8 Start
Time: 01cdc7773dd8bd81 Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: b246d33b-336b-11e2-833b-9cb70deb5e99
Error - 11/20/2012 7:55:45 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 16.0.2.4680 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1514 Start
Time: 01cdc77a7c60f006 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: c99f723b-336d-11e2-833b-9cb70deb5e99
Error - 11/21/2012 10:54:28 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10
Description =
Error - 11/21/2012 10:55:06 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5
Description =
Error - 11/21/2012 11:07:11 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10
Description =
Error - 11/21/2012 11:07:49 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5
Description =
Error - 11/21/2012 11:23:04 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10
Description =
Error - 11/21/2012 11:23:25 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5
Description =
Error - 11/21/2012 11:31:14 AM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 17.0.0.4706 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a7c Start
Time: 01cdc7fced0c821a Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 7829468a-33f0-11e2-818d-9cb70deb5e99
[ System Events ]
Error - 11/20/2012 1:37:51 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 11/20/2012 1:38:01 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 11/20/2012 1:38:02 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 11/20/2012 6:56:54 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10010
Description =
Error - 11/20/2012 8:03:01 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10010
Description =
Error - 11/21/2012 5:08:57 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = The processing of Group Policy failed. Windows could not obtain the
name of a domain controller. This could be caused by a name resolution failure.
Verify your Domain Name System (DNS) is configured and working correctly.
Error - 11/21/2012 6:53:50 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10006
Description =
Error - 11/26/2012 10:56:00 AM | Computer Name = SZMISLAPTOP.bc.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain BCC due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.
Error - 11/26/2012 2:47:14 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
Error - 11/26/2012 5:26:42 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain BCC due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.
< End of report >
-
Ok, here's the OTL.txt
OTL logfile created on: 12/3/2012 7:09:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.88 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.61% Memory free
7.77 Gb Paging File | 6.21 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 210.03 Gb Free Space | 70.48% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS
Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe
PRC - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/17 06:10:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2012/05/06 20:36:06 | 000,049,340 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2011/12/09 09:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/08/23 06:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE
PRC - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe
PRC - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe
PRC - [2009/12/24 20:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 18:18:46 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe
PRC - [2009/04/02 15:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2008/08/16 16:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/14 07:00:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll
MOD - [2012/11/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll
MOD - [2012/11/14 06:33:10 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/14 06:33:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 06:32:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/14 06:32:42 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/14 06:32:32 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/14 06:32:29 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/14 06:32:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/14 06:32:25 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/14 06:32:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/10/29 08:06:35 | 000,466,432 | ---- | M] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll
MOD - [2012/05/30 06:53:40 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2012/05/30 06:53:40 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2012/05/30 06:53:40 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2012/05/30 06:53:40 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2012/05/30 06:53:40 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2012/05/30 06:53:40 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2012/05/30 06:53:40 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2012/05/30 06:53:40 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2012/05/30 06:53:40 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2012/05/06 20:36:08 | 000,036,068 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2012/05/06 20:36:08 | 000,030,333 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2012/05/06 20:36:08 | 000,024,487 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2012/05/06 20:36:08 | 000,024,106 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2012/05/06 20:36:08 | 000,023,455 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2012/05/06 20:36:08 | 000,022,901 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2012/05/06 20:36:08 | 000,017,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2012/05/06 20:36:08 | 000,013,589 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2012/05/06 20:36:06 | 000,338,072 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2012/05/06 20:36:06 | 000,303,303 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2012/05/06 20:36:06 | 000,256,529 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2012/05/06 20:36:06 | 000,194,434 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2012/05/06 20:36:06 | 000,184,224 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2012/05/06 20:36:06 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2012/05/06 20:36:06 | 000,121,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2012/05/06 20:36:06 | 000,096,443 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2012/05/06 20:36:06 | 000,092,138 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2012/05/06 20:36:06 | 000,088,548 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2012/05/06 20:36:06 | 000,079,775 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2012/05/06 20:36:06 | 000,073,584 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2012/05/06 20:36:06 | 000,063,229 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2012/05/06 20:36:06 | 000,045,348 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2012/05/06 20:36:06 | 000,039,509 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2012/05/06 20:36:06 | 000,023,390 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2012/05/06 20:36:06 | 000,022,335 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2012/05/06 20:36:06 | 000,019,854 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2012/05/06 20:36:06 | 000,019,058 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2012/05/06 20:36:06 | 000,018,502 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2012/05/06 20:36:06 | 000,017,519 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2012/05/06 20:36:06 | 000,014,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2012/05/06 20:36:06 | 000,014,905 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2012/05/06 20:36:06 | 000,014,619 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2012/05/06 20:36:06 | 000,013,528 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2012/05/06 20:36:06 | 000,012,665 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2012/05/06 20:36:06 | 000,012,177 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2012/05/06 20:36:06 | 000,011,669 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2012/05/06 20:36:06 | 000,011,163 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2012/05/06 20:36:06 | 000,010,860 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2012/05/06 20:36:06 | 000,010,624 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2012/05/06 20:36:06 | 000,010,232 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2012/05/06 20:36:06 | 000,010,203 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2012/05/06 20:36:06 | 000,010,075 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2012/05/06 20:36:06 | 000,010,026 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2012/05/06 20:36:06 | 000,009,126 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2012/05/06 20:36:06 | 000,008,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/05/06 20:36:06 | 000,007,899 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2012/05/06 20:36:06 | 000,007,511 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2012/05/06 20:36:06 | 000,007,162 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2012/05/06 20:36:04 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2012/05/06 20:36:04 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/05/06 20:35:14 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2012/05/06 20:35:12 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2012/05/06 20:35:12 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/05/06 20:35:12 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2012/05/06 20:35:08 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2011/06/22 13:01:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/06/22 13:01:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/20 07:00:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/19 22:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/14 15:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/10/14 15:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan)
SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/07 09:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/01/07 09:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV)
SRV - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe -- (NGSERVER)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 07:24:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/06/28 02:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011/06/22 13:01:46 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/05/26 09:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/03 11:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/08 17:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/07/21 12:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/07/21 12:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007/02/15 01:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.BC.COM;*BOISEINC.COM;*BOISEBUILDING.COM;*BOISEPAPER.COM;*BOISESPLOX.COM;*.DMSI.COM;jk*;*.imercer.com;<local>;*.ctcwaco.com;*.boiseaspen.com;*.boisecascadewellness.com;*polaris.com;*.boisehealthychoices.com;*.diverseearth.com;*.bctruck.com;*.boisetruck.com;*.hexacomb.*;*.falconboard.*;*.bcconnect.com
IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = BO00SPARRAY.BC.COM:80
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "mail.yahoo.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/26 09:13:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 06:56:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}: C:\Users\jonathang\AppData\Local\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}\ [2012/10/29 08:06:35 | 000,000,000 | ---D | M]
[2012/11/26 09:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathang\AppData\Roaming\mozilla\Extensions
[2012/11/26 10:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/29 08:06:35 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JONATHANG\APPDATA\LOCAL\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}
[2012/11/19 22:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_15\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [Akamai NetSession Interface] C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [skyDrive] C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] C:\Users\jonathang\AppData\Roaming\taupse.dll ()
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\RunOnce: [uninstall C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: dell.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: tharco.com ([slzts] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.10 10.1.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bc.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2DD49A-9ABB-4D68-9FC0-2556BF2BB748}: DhcpNameServer = 10.1.1.10 10.1.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998E82DF-15CC-4522-AD6D-706472B56844}: DhcpNameServer = 10.1.1.10 10.1.2.10
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/03 07:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe
[2012/11/30 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\TeamViewer
[2012/11/30 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/11/30 06:59:06 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\mbar
[2012/11/29 13:48:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr
[2012/11/26 13:14:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log
[2012/11/26 13:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client
[2012/11/26 13:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/11/26 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Trend Micro
[2012/11/26 13:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/26 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Malwarebytes
[2012/11/26 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/26 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/26 10:22:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/26 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/26 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Mozilla
[2012/11/26 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/26 08:39:39 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data-1
[2012/11/26 07:25:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2012/11/26 07:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/26 07:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/26 07:25:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2012/11/26 07:25:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys
[2012/11/26 07:25:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys
[2012/11/26 07:25:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2012/11/26 07:25:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2012/11/26 07:25:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2012/11/26 07:25:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2012/11/26 07:25:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2012/11/26 07:25:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2012/11/26 07:25:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2012/11/26 07:25:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2012/11/26 07:25:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll
[2012/11/26 07:25:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll
[2012/11/26 07:25:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2012/11/26 07:25:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2012/11/26 07:25:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2012/11/26 07:25:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2012/11/26 07:25:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2012/11/26 07:25:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2012/11/26 07:25:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2012/11/26 07:25:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2012/11/26 07:25:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2012/11/26 07:17:28 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/11/26 07:17:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/11/26 07:17:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/11/26 07:17:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Uckag
[2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Suobuz
[2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Pohiap
[2012/11/21 08:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/20 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data
[2012/11/20 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\9slf0ns3.default-1353453563337
[2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Yfseic
[2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Evki
[2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Akufi
[2012/11/14 16:33:20 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys
[2012/11/14 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
[2012/11/14 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2012/11/14 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client
[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Deployment
[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Apps
[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamTalk 4
[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk
[2012/11/14 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamTalk4
[2012/11/14 05:12:57 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/14 05:12:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/14 05:05:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/14 05:05:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/14 05:05:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/14 05:05:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/14 05:05:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/14 05:05:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/14 05:05:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/14 05:05:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/14 05:05:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/14 05:05:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/14 05:05:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/14 05:05:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/14 05:05:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/14 05:05:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/14 05:05:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/14 05:04:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/14 05:03:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/14 05:03:58 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/14 05:03:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/13 14:53:15 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/13 14:53:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/13 14:53:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/13 14:53:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/13 14:53:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/13 14:53:03 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/13 14:53:03 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/13 14:53:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/13 14:53:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/13 14:52:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/13 14:52:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012/11/11 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series
[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/11/11 12:13:54 | 000,366,592 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNMNPPM.DLL
[2012/11/11 12:13:54 | 000,359,936 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6PPM.DLL
[2012/11/11 12:13:54 | 000,039,424 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6UI.DLL
[2012/11/11 12:13:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING
[2012/11/11 12:13:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/11/11 12:13:19 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/11/11 12:13:14 | 001,324,544 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340C.dll
[2012/11/11 12:13:14 | 000,346,624 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340L.dll
[2012/11/11 12:13:14 | 000,307,200 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNC340L.dll
[2012/11/11 12:13:14 | 000,109,568 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340I.dll
[2012/11/11 12:13:14 | 000,102,400 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNC340U.dll
[2012/11/11 12:13:14 | 000,017,920 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNHMCA6.dll
[2012/11/11 12:13:14 | 000,015,872 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNHMCA.dll
[2012/11/11 12:13:01 | 000,385,024 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMLMA5.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkSE.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkRU.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkPL.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkNL.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkID.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkGR.DLL
[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkFI.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTR.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTH.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkNO.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkKR.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkHU.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkDK.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkCZ.DLL
[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkAR.DLL
[2012/11/11 12:12:52 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTW.DLL
[2012/11/11 12:12:52 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkCN.DLL
[2012/11/11 12:12:51 | 000,343,552 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCF2Lk.DLL
[2012/11/11 12:12:51 | 000,182,272 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFMSk.EXE
[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkUS.DLL
[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkPT.DLL
[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkIT.DLL
[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkFR.DLL
[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkES.DLL
[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkDE.DLL
[2012/11/11 12:12:51 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkJP.DLL
[2012/11/11 12:12:48 | 000,245,760 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMIUA5.DLL
[2012/11/11 12:12:48 | 000,103,424 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNC340O.dll
[2012/11/11 12:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/10/29 08:05:41 | 000,166,400 | ---- | C] (PixArt Imaging Incorporation) -- C:\Users\jonathang\AppData\Roaming\apstcs.dll
========== Files - Modified Within 30 Days ==========
[2012/12/03 07:11:10 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx
[2012/12/03 07:08:40 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 07:08:40 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe
[2012/12/03 07:06:38 | 000,741,200 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/03 07:06:38 | 000,636,792 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/03 07:06:38 | 000,110,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/03 07:02:36 | 000,027,913 | ---- | M] () -- C:\windows\cfgall.ini
[2012/12/03 07:00:19 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/03 06:59:57 | 000,436,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/03 06:59:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/03 06:59:29 | 3127,652,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 15:57:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 15:46:28 | 000,002,226 | -H-- | M] () -- C:\Users\jonathang\Documents\Default.rdp
[2012/11/30 15:28:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/30 08:59:41 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/11/30 06:54:56 | 000,008,002 | RHS- | M] () -- C:\Users\jonathang\ntuser.pol
[2012/11/29 13:48:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr
[2012/11/28 15:57:39 | 000,000,412 | ---- | M] () -- C:\Users\jonathang\Documents\spider.sav
[2012/11/28 12:43:45 | 000,001,445 | ---- | M] () -- C:\Users\jonathang\Desktop\Phone Book.lnk
[2012/11/26 13:13:19 | 000,002,920 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/11/26 10:23:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 09:13:27 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/21 07:57:59 | 000,001,279 | ---- | M] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk
[2012/11/21 07:21:14 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook 2010.lnk
[2012/11/20 07:00:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/11/20 07:00:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/19 07:12:25 | 000,001,239 | ---- | M] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk
[2012/11/19 07:12:05 | 000,001,015 | ---- | M] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk
[2012/11/19 07:11:37 | 000,000,355 | ---- | M] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk
[2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys
[2012/11/14 13:13:35 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\TeamTalk.lnk
========== Files Created - No Company Name ==========
[2012/11/30 08:59:41 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/11/30 08:59:41 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/11/30 07:52:34 | 000,006,463 | ---- | C] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx
[2012/11/27 08:58:56 | 000,001,445 | ---- | C] () -- C:\Users\jonathang\Desktop\Phone Book.lnk
[2012/11/26 13:16:16 | 000,027,913 | ---- | C] () -- C:\windows\cfgall.ini
[2012/11/26 13:13:18 | 000,002,920 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/11/26 10:22:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 09:13:27 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/26 09:13:27 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/21 07:57:59 | 000,001,279 | ---- | C] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk
[2012/11/19 07:12:25 | 000,001,239 | ---- | C] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk
[2012/11/19 07:12:05 | 000,001,015 | ---- | C] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk
[2012/11/19 07:11:37 | 000,000,355 | ---- | C] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk
[2012/11/14 13:13:35 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\TeamTalk.lnk
[2012/11/14 05:13:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 05:03:58 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysWow64\CNC1741D.TBL
[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysNative\CNC1741D.TBL
[2012/11/02 06:57:22 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\wsabrt.dll
[2012/11/02 06:54:59 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\pobnet.dll
[2012/11/02 06:53:33 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\vcatm.dll
[2012/10/29 08:06:31 | 000,466,432 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll
[2012/10/11 10:54:21 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/09/27 13:13:31 | 000,000,245 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/09/10 09:53:23 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\h5menu32.dll
[2012/09/10 09:53:23 | 000,095,744 | ---- | C] () -- C:\windows\SysWow64\h5rtf32.dll
[2012/09/10 09:53:23 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\h5tool32.dll
[2012/09/10 09:53:22 | 001,064,960 | ---- | C] () -- C:\windows\SysWow64\h5krnl32.dll
[2012/09/10 09:53:22 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\h5icon32.dll
[2012/05/30 09:14:40 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\instsrv.exe
[2012/05/30 09:14:40 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe
[2012/05/07 12:54:51 | 000,011,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/07 12:13:44 | 000,001,198 | ---- | C] () -- C:\windows\SAPLOGON.INI
[2012/05/07 12:13:44 | 000,000,106 | ---- | C] () -- C:\windows\saproute.ini
[2012/05/07 12:13:44 | 000,000,059 | ---- | C] () -- C:\windows\sapini.dat
[2012/05/07 12:13:44 | 000,000,030 | ---- | C] () -- C:\windows\SAPMSG.INI
[2012/05/07 12:07:51 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\vtssm32.dll
[2012/05/07 11:42:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/05/07 10:39:25 | 000,008,002 | RHS- | C] () -- C:\Users\jonathang\ntuser.pol
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
-
Here is the system log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4170203136, free: 2512916480
------------ Kernel report ------------
11/30/2012 07:10:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80062f9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80050a1050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.30.07
Downloaded database version: v2012.11.29.01
Initializing...
Done!
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80062f9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800618bbf0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa800509e8f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80050a1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00c26bb10, 0xfffffa80062f9060, 0xfffffa8004738530
Lower DeviceData: 0xfffff8a00d464a70, 0xfffffa80050a1050, 0xfffffa80046b1090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B0ED0D35
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 206848 Numsec = 624932864
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Infected: C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx --> [Trojan.Agent]
Infected: C:\Users\jonathang\AppData\Local\chromeupdate.crx --> [Trojan.Agent]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 4170203136, free: 2641285120
Here is the mbar-log-2012-11-30
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
E127811 :: SZMISLAPTOP [administrator]
11/30/2012 7:26:00 AM
mbar-log-2012-11-30 (07-26-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28447
Time elapsed: 14 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Delete on reboot. [1658dae3421b1a1c749ba20b1be8fe02]
C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Delete on reboot. [6e00b70687d665d1ba561e8f6d967888]
(end)
-
I ran into an issue with Firefox acting up recently. This led me to finding an extension that I didn't add, which would come back after a full uninstall/reinstall of Firefox, which someone identified as malware. I did manage to remove this extension, and it hasn't come back. I'm unsure if this is connected to the current issue or not, but it led me to running a Malwarebytes scan and keeping a closer eye on things.
I updated and ran Malwarebytes, and it found things it identified as trojans, 4 of them. I removed them, and it rebooted.
The next day, I ran another scan, figuring I'll run daily scans for now until I'm sure things are cool. It found 2. I removed them. Ran it again, found the same 2 again. Here's the log I get:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.29.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
E127811 :: SZMISLAPTOP [administrator]
11/29/2012 8:51:10 AM
mbam-log-2012-11-29 (09-55-14).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412315
Time elapsed: 57 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> No action taken.
C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> No action taken.
(end)
Now, I've actually browsed out to the appdata path and deleted that chromeupdate.crx file myself, and seen it gone, and then ran another Malwarebytes scan, and it shows up again.
The local settings\application data path, however, I can't even get to. I have my computer set to show hidden folders, yet there is no local settings folder visible in my jonathang folder, and if I try to enter the path in the address field it tells me that access is denied, despite the fact I'm an administrator on this computer.
Not sure why Malwarebytes isn't removing what it is finding, but I need some help here.
I've also run the DDS script, and attached are the logs.
-
I got the impression they are since they are asking for an order reference number.
-
But that's a pay service.
That's not going to help me in this case.
If I can't get help resolving this issue, then at least hide this thread from view until I can come back here with a resolution. There's nothing I hate more than finding a forum thread with my problem, only to find it end without a solution, and I don't want to cause that frustration for others.
-
Ok, did that. Same results. No change.
-
Ok. Only 2 new lines this time.
[\\SLZTS4]
00000001 0.00000000 [5720] SNACNP::NPGetCaps::WNNC_NET_TYPE
00000002 0.00010929 [5720] SNACNP::NPGetCaps::WNNC_USER
00000003 0.00021536 [5720] SNACNP::NPGetCaps::WNNC_CONNECTION
00000004 0.00032298 [5720] SNACNP::NPGetCaps::WNNC_ENUMERATION
00000005 0.00042906 [5720] SNACNP::NPGetCaps::WNNC_ADMIN
00000006 0.00053504 [5720] SNACNP::NPGetCaps::WNNC_DIALOG
00000007 212.33447266 [928] LUMan: Client has a LU schedule
00000008 212.33505249 [928] LUMan: Client has a LU schedule
-
I did as instructed again, and here is how it happened:
I do the save as, the log window stays blank.
I go to run the Malwarebytes program through the start menu, the first 6 lines of the log are created. I wait a while for the program to actually open. This is a long wait.
This time I decided to open the task manager to watch the mbam.exe process. It is sitting there, the amount of memory it is using continues to grow. It got past 900,000 k before it failed.
I then get the error message. I click ok. Error message goes away, that's that.
I close the debug tool, this time my log file is smaller than the last. Only those 6 lines.
[\\SLZTS4]
00000001 0.00000000 [4408] SNACNP::NPGetCaps::WNNC_NET_TYPE
00000002 0.00010162 [4408] SNACNP::NPGetCaps::WNNC_USER
00000003 0.00020087 [4408] SNACNP::NPGetCaps::WNNC_CONNECTION
00000004 0.00029937 [4408] SNACNP::NPGetCaps::WNNC_ENUMERATION
00000005 0.00039789 [4408] SNACNP::NPGetCaps::WNNC_ADMIN
00000006 0.00049620 [4408] SNACNP::NPGetCaps::WNNC_DIALOG
I am doing as you ask, and this is the log you get from the process you instructed me to do.
To further troubleshoot and help you, so that I can try to give you more to go on, I'm going to delete rules.ref, and repeat the procedure.
It finds the database isn't there and tries to download a new one.
It downloads, 6.99 MB
Nothing shows up in the log through all of this.
Then it downloads 9.40 MB
It installs the latest version. Was there a recent update? I could have sworn I installed the latest version a few days ago when I did an uninstall, clean, and reinstall.
After the install, those same 6 log lines appear again.
Stuck again, black rectangle in the middle of the screen.
This time, there are 3 processes running in the task manager, mbam.exe, mbam-setup.exe, and mbam-setup.tmp. But there isn't a steady growth of memory use for any of them.
Still waiting...
Holy crap, woot bag of crap is up (not related to case)
Can't get buy page for the crap to load (still not related to case)
Memory is starting to grow for the mbam.exe process, up to 400,000 K.
Memory got over 950,000 K, suddenly drops.
Idling at 82,020 K.
At some point while the memory was growing, the same 6 lines were logged again, so 12 lines of log now.
Oh, there it is....error message shows up again, under the log program. Same error as always.
I click ok, the setup in the task bar goes away, all is closed.
Log once again is:
[\\SLZTS4]
00000001 0.00000000 [5100] SNACNP::NPGetCaps::WNNC_NET_TYPE
00000002 0.00009991 [5100] SNACNP::NPGetCaps::WNNC_USER
00000003 0.00020006 [5100] SNACNP::NPGetCaps::WNNC_CONNECTION
00000004 0.00029933 [5100] SNACNP::NPGetCaps::WNNC_ENUMERATION
00000005 0.00039865 [5100] SNACNP::NPGetCaps::WNNC_ADMIN
00000006 0.00049789 [5100] SNACNP::NPGetCaps::WNNC_DIALOG
00000007 506.15301514 [3128] SNACNP::NPGetCaps::WNNC_NET_TYPE
00000008 506.15313721 [3128] SNACNP::NPGetCaps::WNNC_USER
00000009 506.15322876 [3128] SNACNP::NPGetCaps::WNNC_CONNECTION
00000010 506.15328979 [3128] SNACNP::NPGetCaps::WNNC_ENUMERATION
00000011 506.15341187 [3128] SNACNP::NPGetCaps::WNNC_ADMIN
00000012 506.15350342 [3128] SNACNP::NPGetCaps::WNNC_DIALOG
00000013 740.25268555 [5620] SNACNP::NPGetCaps::WNNC_NET_TYPE
00000014 740.25280762 [5620] SNACNP::NPGetCaps::WNNC_USER
00000015 740.25286865 [5620] SNACNP::NPGetCaps::WNNC_CONNECTION
00000016 740.25292969 [5620] SNACNP::NPGetCaps::WNNC_ENUMERATION
00000017 740.25305176 [5620] SNACNP::NPGetCaps::WNNC_ADMIN
00000018 740.25311279 [5620] SNACNP::NPGetCaps::WNNC_DIALOG
Sorry I can't provide you with a more useful log, but hopefully with this info we can determine what to do next to continue troubleshooting.
-
I suppose it would help if after browsing for the file, I actually clicked the attach this file button.
MBAM Debug.zip
-
-
I'm not asking as a business, I'm asking as a user.
-
I have a server with Windows Server 2003 that had some folders set to invisible mode, something I've noticed malware doing recently. So I decided to run a Malwarebytes scan. But I absolutely cannot get Malwarebytes to run at all.
The error I consistently get is:
An error has occurred. Please report this error code to our support team.
PROGRAM_ERROR_LOAD_DATABASE (8, 8, CreateSKD)
Not enough storage is available to process this command.
Here's what I've done.
I've run a Symantec antivirus scan, nothing turned up.
I've uninstalled and reinstalled, it fails when doing a definitions update.
I've deleted the rules.ref file, it tries to update, and fails.
I've tried copying an updated rules.ref from another server, I still get the same error.
How do I resolve this issue?
-
This doesn't work, I copied the file, but it still says the database is old.
Malwarebytes isn't getting rid of things it detects
in Resolved Malware Removal Logs
Posted
Looks like it, thanks for your help.