
Malwarebytes isn't getting rid of things it detects


Gators


I ran into an issue with Firefox acting up recently. This led me to finding an extension that I didn't add, which would come back after a full uninstall/reinstall of Firefox, which someone identified as malware. I did manage to remove this extension, and it hasn't come back. I'm unsure if this is connected to the current issue or not, but it led me to running a Malwarebytes scan and keeping a closer eye on things.

I updated and ran Malwarebytes, and it found things it identified as trojans, 4 of them. I removed them, and it rebooted.

The next day, I ran another scan, figuring I'll run daily scans for now until I'm sure things are cool. It found 2. I removed them. Ran it again, found the same 2 again. Here's the log I get:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.29.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

E127811 :: SZMISLAPTOP [administrator]

11/29/2012 8:51:10 AM

mbam-log-2012-11-29 (09-55-14).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 412315

Time elapsed: 57 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> No action taken.

C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> No action taken.

(end)

Now, I've actually browsed out to the AppData path and deleted that chromeupdate.crx file myself, and seen it gone, and then ran another Malwarebytes scan, and it shows up again.

The Local Settings\Application Data path, however, I can't even get to. I have my computer set to show hidden folders, yet there is no Local Settings folder visible in my jonathang folder, and if I try to enter the path in the address field it tells me that access is denied, despite the fact I'm an administrator on this computer.

Not sure why Malwarebytes isn't removing what it is finding, but I need some help here.

I've also run the dds script, and attached are the logs.

attach.txt

dds.txt

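The two detections in the log above are one file seen through two paths: on Windows Vista and 7, `C:\Users\<name>\Local Settings` and `AppData\Local\Application Data` are compatibility junctions that lead back to `AppData\Local`, and their ACL denies listing, which is why Explorer answers "access is denied". The following is an added example, not part of the original posts and not Malwarebytes code; it parses the detection lines and groups them by the real file, assuming the default profile layout, a partial junction table, and hypothetical function names.

```python
import re

# Copied from the "Files Detected" section of the MBAM log in the post above.
SAMPLE_LOG = r"""Files Detected: 2
C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> No action taken.
C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> No action taken.
(end)
"""

# Partial table of per-user compatibility junctions created by Windows Vista/7
# (assumption: default profile layout, no folder redirection).
# Keys are lower-cased path components relative to C:\Users\<name>.
JUNCTIONS = [
    (("appdata", "local", "application data"), ("AppData", "Local")),
    (("local settings",), ("AppData", "Local")),
    (("application data",), ("AppData", "Roaming")),
    (("my documents",), ("Documents",)),
]

# "<path> (<detection name>) -> <action>. [<md5>]"  (the md5 is optional)
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\."
    r"(?: \[(?P<md5>[0-9a-fA-F]{32})\])?[ \t]*$",
    re.MULTILINE,
)
PROFILE = re.compile(r"^(?P<root>[A-Za-z]:\\Users\\[^\\]+)\\(?P<rest>.+)$",
                     re.IGNORECASE)


def parse_detections(log_text):
    """Return one dict per file detection line found in an MBAM/MBAR log."""
    return [m.groupdict() for m in DETECTION.finditer(log_text)]


def canonical_profile_path(path):
    """Rewrite legacy junction components to the folder they point at.

    Works on the string only, so it can be run on a log from another machine.
    """
    m = PROFILE.match(path)
    if not m:
        return path  # not under a user profile: nothing to resolve
    parts = m.group("rest").split("\\")
    changed = True
    while changed:  # junctions can be chained, so repeat until stable
        changed = False
        for src, dst in JUNCTIONS:
            if tuple(p.lower() for p in parts[:len(src)]) == src:
                parts = list(dst) + parts[len(src):]
                changed = True
                break
    return m.group("root") + "\\" + "\\".join(parts)


def group_by_real_file(log_text):
    """Map each real file path to the detections that refer to it."""
    groups, display = {}, {}
    for det in parse_detections(log_text):
        canon = canonical_profile_path(det["path"])
        key = canon.lower()  # NTFS paths are case-insensitive
        display.setdefault(key, canon)
        groups.setdefault(display[key], []).append(det)
    return groups


if __name__ == "__main__":
    for real, dets in group_by_real_file(SAMPLE_LOG).items():
        print(f"{real}: reported {len(dets)} time(s)")
        for d in dets:
            print(f"    via {d['path']} [{d['name']}] -> {d['action']}")
```

A count of two in "Files Detected" therefore means one file on disk here; what still needs finding is whatever keeps recreating it.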

Hello Gators! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.


Here is the system log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.494000 GHz

Memory total: 4170203136, free: 2512916480

------------ Kernel report ------------

11/30/2012 07:10:49

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80062f9060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80050a1050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.30.07

Downloaded database version: v2012.11.29.01

Initializing...

Done!

Scanning directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80062f9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80062f9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800618bbf0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\

DevicePointer: 0xfffffa800509e8f0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80050a1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a00c26bb10, 0xfffffa80062f9060, 0xfffffa8004738530

Lower DeviceData: 0xfffff8a00d464a70, 0xfffffa80050a1050, 0xfffffa80046b1090

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: B0ED0D35

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 206848 Numsec = 624932864

Partition file system is NTFS

Partition is bootable

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Performing system, memory and registry scan...

Infected: C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx --> [Trojan.Agent]

Infected: C:\Users\jonathang\AppData\Local\chromeupdate.crx --> [Trojan.Agent]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occured

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.494000 GHz

Memory total: 4170203136, free: 2641285120

Here is the mbar-log-2012-11-30

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.30.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

E127811 :: SZMISLAPTOP [administrator]

11/30/2012 7:26:00 AM

mbar-log-2012-11-30 (07-26-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 28447

Time elapsed: 14 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\jonathang\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Delete on reboot. [1658dae3421b1a1c749ba20b1be8fe02]

C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Delete on reboot. [6e00b70687d665d1ba561e8f6d967888]

(end)


Thanks!

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Ok, here's the OTL.txt

OTL logfile created on: 12/3/2012 7:09:26 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.61% Memory free

7.77 Gb Paging File | 6.21 Gb Available in Paging File | 80.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 210.03 Gb Free Space | 70.48% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe

PRC - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/11/17 06:10:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2012/05/06 20:36:06 | 000,049,340 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe

PRC - [2011/12/09 09:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/08/23 06:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe

PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE

PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE

PRC - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe

PRC - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe

PRC - [2009/12/24 20:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe

PRC - [2009/12/24 18:18:46 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe

PRC - [2009/04/02 15:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2008/08/16 16:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/14 07:00:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll

MOD - [2012/11/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll

MOD - [2012/11/14 06:33:10 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll

MOD - [2012/11/14 06:33:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/14 06:32:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/14 06:32:42 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/14 06:32:32 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012/11/14 06:32:29 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/14 06:32:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/14 06:32:25 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/14 06:32:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2012/10/29 08:06:35 | 000,466,432 | ---- | M] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll

MOD - [2012/05/30 06:53:40 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll

MOD - [2012/05/30 06:53:40 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll

MOD - [2012/05/30 06:53:40 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll

MOD - [2012/05/30 06:53:40 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll

MOD - [2012/05/30 06:53:40 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll

MOD - [2012/05/30 06:53:40 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll

MOD - [2012/05/30 06:53:40 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll

MOD - [2012/05/30 06:53:40 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll

MOD - [2012/05/30 06:53:40 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll

MOD - [2012/05/06 20:36:08 | 000,036,068 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll

MOD - [2012/05/06 20:36:08 | 000,030,333 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll

MOD - [2012/05/06 20:36:08 | 000,024,487 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll

MOD - [2012/05/06 20:36:08 | 000,024,106 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll

MOD - [2012/05/06 20:36:08 | 000,023,455 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll

MOD - [2012/05/06 20:36:08 | 000,022,901 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll

MOD - [2012/05/06 20:36:08 | 000,017,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll

MOD - [2012/05/06 20:36:08 | 000,013,589 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll

MOD - [2012/05/06 20:36:06 | 000,338,072 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll

MOD - [2012/05/06 20:36:06 | 000,303,303 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll

MOD - [2012/05/06 20:36:06 | 000,256,529 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll

MOD - [2012/05/06 20:36:06 | 000,194,434 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll

MOD - [2012/05/06 20:36:06 | 000,184,224 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll

MOD - [2012/05/06 20:36:06 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll

MOD - [2012/05/06 20:36:06 | 000,121,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll

MOD - [2012/05/06 20:36:06 | 000,096,443 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll

MOD - [2012/05/06 20:36:06 | 000,092,138 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll

MOD - [2012/05/06 20:36:06 | 000,088,548 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll

MOD - [2012/05/06 20:36:06 | 000,079,775 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll

MOD - [2012/05/06 20:36:06 | 000,073,584 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll

MOD - [2012/05/06 20:36:06 | 000,063,229 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll

MOD - [2012/05/06 20:36:06 | 000,045,348 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll

MOD - [2012/05/06 20:36:06 | 000,039,509 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll

MOD - [2012/05/06 20:36:06 | 000,023,390 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll

MOD - [2012/05/06 20:36:06 | 000,022,335 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll

MOD - [2012/05/06 20:36:06 | 000,019,854 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll

MOD - [2012/05/06 20:36:06 | 000,019,058 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll

MOD - [2012/05/06 20:36:06 | 000,018,502 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll

MOD - [2012/05/06 20:36:06 | 000,017,519 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll

MOD - [2012/05/06 20:36:06 | 000,014,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll

MOD - [2012/05/06 20:36:06 | 000,014,905 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll

MOD - [2012/05/06 20:36:06 | 000,014,619 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll

MOD - [2012/05/06 20:36:06 | 000,013,528 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll

MOD - [2012/05/06 20:36:06 | 000,012,665 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll

MOD - [2012/05/06 20:36:06 | 000,012,177 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll

MOD - [2012/05/06 20:36:06 | 000,011,669 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll

MOD - [2012/05/06 20:36:06 | 000,011,163 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll

MOD - [2012/05/06 20:36:06 | 000,010,860 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll

MOD - [2012/05/06 20:36:06 | 000,010,624 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll

MOD - [2012/05/06 20:36:06 | 000,010,232 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll

MOD - [2012/05/06 20:36:06 | 000,010,203 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll

MOD - [2012/05/06 20:36:06 | 000,010,075 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll

MOD - [2012/05/06 20:36:06 | 000,010,026 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll

MOD - [2012/05/06 20:36:06 | 000,009,126 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll

MOD - [2012/05/06 20:36:06 | 000,008,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll

MOD - [2012/05/06 20:36:06 | 000,007,899 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll

MOD - [2012/05/06 20:36:06 | 000,007,511 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll

MOD - [2012/05/06 20:36:06 | 000,007,162 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll

MOD - [2012/05/06 20:36:04 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll

MOD - [2012/05/06 20:36:04 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll

MOD - [2012/05/06 20:35:14 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll

MOD - [2012/05/06 20:35:12 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll

MOD - [2012/05/06 20:35:12 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll

MOD - [2012/05/06 20:35:12 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll

MOD - [2012/05/06 20:35:08 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll

MOD - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2011/06/22 13:01:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)

SRV:64bit: - [2011/06/22 13:01:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)

SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)

SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012/11/20 07:00:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/19 22:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/10/14 15:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)

SRV - [2010/10/14 15:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan)

SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/07 09:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)

SRV - [2010/01/07 09:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV)

SRV - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe -- (NGSERVER)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)

DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/26 07:24:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)

DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2011/06/28 02:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)

DRV:64bit: - [2011/06/22 13:01:46 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV:64bit: - [2011/05/26 09:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/03 11:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)

DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/11/08 17:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/07/21 12:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)

DRV:64bit: - [2010/07/21 12:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV:64bit: - [2007/02/15 01:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)

DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.BC.COM;*BOISEINC.COM;*BOISEBUILDING.COM;*BOISEPAPER.COM;*BOISESPLOX.COM;*.DMSI.COM;jk*;*.imercer.com;<local>;*.ctcwaco.com;*.boiseaspen.com;*.boisecascadewellness.com;*polaris.com;*.boisehealthychoices.com;*.diverseearth.com;*.bctruck.com;*.boisetruck.com;*.hexacomb.*;*.falconboard.*;*.bcconnect.com

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = BO00SPARRAY.BC.COM:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.yahoo.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/26 09:13:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 06:56:34 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}: C:\Users\jonathang\AppData\Local\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}\ [2012/10/29 08:06:35 | 000,000,000 | ---D | M]

[2012/11/26 09:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathang\AppData\Roaming\mozilla\Extensions

[2012/11/26 10:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/10/29 08:06:35 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JONATHANG\APPDATA\LOCAL\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}

[2012/11/19 22:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll

[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll

[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll

[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_15\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [Akamai NetSession Interface] C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [skyDrive] C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] C:\Users\jonathang\AppData\Roaming\taupse.dll ()

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\RunOnce: [uninstall C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: dell.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: tharco.com ([slzts] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.10 10.1.2.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bc.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2DD49A-9ABB-4D68-9FC0-2556BF2BB748}: DhcpNameServer = 10.1.1.10 10.1.2.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998E82DF-15CC-4522-AD6D-706472B56844}: DhcpNameServer = 10.1.1.10 10.1.2.10

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found

O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/03 07:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe

[2012/11/30 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\TeamViewer

[2012/11/30 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012/11/30 06:59:06 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\mbar

[2012/11/29 13:48:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr

[2012/11/26 13:14:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log

[2012/11/26 13:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client

[2012/11/26 13:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/11/26 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Trend Micro

[2012/11/26 13:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/11/26 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Malwarebytes

[2012/11/26 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/26 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/26 10:22:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/11/26 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/26 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Mozilla

[2012/11/26 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/11/26 08:39:39 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data-1

[2012/11/26 07:25:40 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll

[2012/11/26 07:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2012/11/26 07:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2012/11/26 07:25:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys

[2012/11/26 07:25:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbGD.sys

[2012/11/26 07:25:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys

[2012/11/26 07:25:38 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll

[2012/11/26 07:25:38 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll

[2012/11/26 07:25:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe

[2012/11/26 07:25:38 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe

[2012/11/26 07:25:38 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe

[2012/11/26 07:25:38 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll

[2012/11/26 07:25:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll

[2012/11/26 07:25:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll

[2012/11/26 07:25:38 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpendp_winip.dll

[2012/11/26 07:25:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpendp_winip.dll

[2012/11/26 07:25:38 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe

[2012/11/26 07:25:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll

[2012/11/26 07:25:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll

[2012/11/26 07:25:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll

[2012/11/26 07:25:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll

[2012/11/26 07:25:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll

[2012/11/26 07:25:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll

[2012/11/26 07:25:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll

[2012/11/26 07:25:37 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll

[2012/11/26 07:17:28 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll

[2012/11/26 07:17:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2012/11/26 07:17:15 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll

[2012/11/26 07:17:15 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll

[2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Uckag

[2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Suobuz

[2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Pohiap

[2012/11/21 08:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/11/20 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data

[2012/11/20 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\9slf0ns3.default-1353453563337

[2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Yfseic

[2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Evki

[2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Akufi

[2012/11/14 16:33:20 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys

[2012/11/14 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable

[2012/11/14 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable

[2012/11/14 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client

[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Deployment

[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Apps

[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamTalk 4

[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk

[2012/11/14 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamTalk4

[2012/11/14 05:12:57 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys

[2012/11/14 05:12:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll

[2012/11/14 05:05:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/11/14 05:05:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/11/14 05:05:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/11/14 05:05:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/11/14 05:05:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/11/14 05:05:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/11/14 05:05:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/11/14 05:05:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/11/14 05:05:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/11/14 05:05:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/11/14 05:05:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/11/14 05:05:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2012/11/14 05:05:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/11/14 05:05:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/11/14 05:05:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2012/11/14 05:04:00 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll

[2012/11/14 05:03:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll

[2012/11/14 05:03:58 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe

[2012/11/14 05:03:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll

[2012/11/13 14:53:15 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll

[2012/11/13 14:53:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll

[2012/11/13 14:53:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll

[2012/11/13 14:53:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll

[2012/11/13 14:53:03 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll

[2012/11/13 14:53:03 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll

[2012/11/13 14:53:03 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll

[2012/11/13 14:53:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll

[2012/11/13 14:53:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll

[2012/11/13 14:52:16 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll

[2012/11/13 14:52:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll

[2012/11/11 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series

[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool

[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities

[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

[2012/11/11 12:13:54 | 000,366,592 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNMNPPM.DLL

[2012/11/11 12:13:54 | 000,359,936 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6PPM.DLL

[2012/11/11 12:13:54 | 000,039,424 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6UI.DLL

[2012/11/11 12:13:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING

[2012/11/11 12:13:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/11/11 12:13:19 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information

[2012/11/11 12:13:14 | 001,324,544 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340C.dll

[2012/11/11 12:13:14 | 000,346,624 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340L.dll

[2012/11/11 12:13:14 | 000,307,200 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNC340L.dll

[2012/11/11 12:13:14 | 000,109,568 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNC340I.dll

[2012/11/11 12:13:14 | 000,102,400 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNC340U.dll

[2012/11/11 12:13:14 | 000,017,920 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNHMCA6.dll

[2012/11/11 12:13:14 | 000,015,872 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNHMCA.dll

[2012/11/11 12:13:01 | 000,385,024 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMLMA5.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkSE.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkRU.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkPL.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkNL.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkID.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkGR.DLL

[2012/11/11 12:12:52 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkFI.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTR.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTH.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkNO.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkKR.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkHU.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkDK.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkCZ.DLL

[2012/11/11 12:12:52 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkAR.DLL

[2012/11/11 12:12:52 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkTW.DLL

[2012/11/11 12:12:52 | 000,002,048 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkCN.DLL

[2012/11/11 12:12:51 | 000,343,552 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCF2Lk.DLL

[2012/11/11 12:12:51 | 000,182,272 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFMSk.EXE

[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkUS.DLL

[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkPT.DLL

[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkIT.DLL

[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkFR.DLL

[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkES.DLL

[2012/11/11 12:12:51 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkDE.DLL

[2012/11/11 12:12:51 | 000,002,560 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNCFLkJP.DLL

[2012/11/11 12:12:48 | 000,245,760 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMIUA5.DLL

[2012/11/11 12:12:48 | 000,103,424 | ---- | C] (Canon Inc.) -- C:\windows\SysNative\CNC340O.dll

[2012/11/11 12:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[2012/10/29 08:05:41 | 000,166,400 | ---- | C] (PixArt Imaging Incorporation) -- C:\Users\jonathang\AppData\Roaming\apstcs.dll

========== Files - Modified Within 30 Days ==========

[2012/12/03 07:11:10 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx

[2012/12/03 07:08:40 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/03 07:08:40 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe

[2012/12/03 07:06:38 | 000,741,200 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/12/03 07:06:38 | 000,636,792 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/12/03 07:06:38 | 000,110,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/12/03 07:02:36 | 000,027,913 | ---- | M] () -- C:\windows\cfgall.ini

[2012/12/03 07:00:19 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/03 06:59:57 | 000,436,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/12/03 06:59:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/12/03 06:59:29 | 3127,652,352 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/30 15:57:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/30 15:46:28 | 000,002,226 | -H-- | M] () -- C:\Users\jonathang\Documents\Default.rdp

[2012/11/30 15:28:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/11/30 08:59:41 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

[2012/11/30 06:54:56 | 000,008,002 | RHS- | M] () -- C:\Users\jonathang\ntuser.pol

[2012/11/29 13:48:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr

[2012/11/28 15:57:39 | 000,000,412 | ---- | M] () -- C:\Users\jonathang\Documents\spider.sav

[2012/11/28 12:43:45 | 000,001,445 | ---- | M] () -- C:\Users\jonathang\Desktop\Phone Book.lnk

[2012/11/26 13:13:19 | 000,002,920 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2012/11/26 10:23:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/26 09:13:27 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/21 07:57:59 | 000,001,279 | ---- | M] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk

[2012/11/21 07:21:14 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook 2010.lnk

[2012/11/20 07:00:29 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/11/20 07:00:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/11/19 07:12:25 | 000,001,239 | ---- | M] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk

[2012/11/19 07:12:05 | 000,001,015 | ---- | M] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk

[2012/11/19 07:11:37 | 000,000,355 | ---- | M] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk

[2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys

[2012/11/14 13:13:35 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\TeamTalk.lnk

========== Files Created - No Company Name ==========

[2012/11/30 08:59:41 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk

[2012/11/30 08:59:41 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

[2012/11/30 07:52:34 | 000,006,463 | ---- | C] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx

[2012/11/27 08:58:56 | 000,001,445 | ---- | C] () -- C:\Users\jonathang\Desktop\Phone Book.lnk

[2012/11/26 13:16:16 | 000,027,913 | ---- | C] () -- C:\windows\cfgall.ini

[2012/11/26 13:13:18 | 000,002,920 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2012/11/26 10:22:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/26 09:13:27 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/11/26 09:13:27 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/21 07:57:59 | 000,001,279 | ---- | C] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk

[2012/11/19 07:12:25 | 000,001,239 | ---- | C] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk

[2012/11/19 07:12:05 | 000,001,015 | ---- | C] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk

[2012/11/19 07:11:37 | 000,000,355 | ---- | C] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk

[2012/11/14 13:13:35 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\TeamTalk.lnk

[2012/11/14 05:13:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/14 05:03:58 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysWow64\CNC1741D.TBL

[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysNative\CNC1741D.TBL

[2012/11/02 06:57:22 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\wsabrt.dll

[2012/11/02 06:54:59 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\pobnet.dll

[2012/11/02 06:53:33 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\vcatm.dll

[2012/10/29 08:06:31 | 000,466,432 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll

[2012/10/11 10:54:21 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll

[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin

[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin

[2012/09/27 13:13:31 | 000,000,245 | ---- | C] () -- C:\windows\ODBCINST.INI

[2012/09/10 09:53:23 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\h5menu32.dll

[2012/09/10 09:53:23 | 000,095,744 | ---- | C] () -- C:\windows\SysWow64\h5rtf32.dll

[2012/09/10 09:53:23 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\h5tool32.dll

[2012/09/10 09:53:22 | 001,064,960 | ---- | C] () -- C:\windows\SysWow64\h5krnl32.dll

[2012/09/10 09:53:22 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\h5icon32.dll

[2012/05/30 09:14:40 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\instsrv.exe

[2012/05/30 09:14:40 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe

[2012/05/07 12:54:51 | 000,011,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/05/07 12:13:44 | 000,001,198 | ---- | C] () -- C:\windows\SAPLOGON.INI

[2012/05/07 12:13:44 | 000,000,106 | ---- | C] () -- C:\windows\saproute.ini

[2012/05/07 12:13:44 | 000,000,059 | ---- | C] () -- C:\windows\sapini.dat

[2012/05/07 12:13:44 | 000,000,030 | ---- | C] () -- C:\windows\SAPMSG.INI

[2012/05/07 12:07:51 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\vtssm32.dll

[2012/05/07 11:42:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

[2012/05/07 10:39:25 | 000,008,002 | RHS- | C] () -- C:\Users\jonathang\ntuser.pol

[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Here's the Extras.txt

OTL Extras logfile created on: 12/3/2012 7:09:26 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.61% Memory free

7.77 Gb Paging File | 6.21 Gb Available in Paging File | 80.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 210.03 Gb Free Space | 70.48% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)

"C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D418077-C996-43F3-BB11-C9ECB7F200C0}" = lport=445 | protocol=6 | dir=in | app=system |

"{1055FF3C-2179-4901-A99C-D27A0D966840}" = rport=445 | protocol=6 | dir=out | app=system |

"{476D3B14-A957-4E48-A03B-FBB813159BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{48CA2469-CA2F-4027-8B5D-B32015FB451B}" = rport=138 | protocol=17 | dir=out | app=system |

"{4CDE4D31-79D0-49E9-BCC6-FDE84AB4954F}" = lport=60303 | protocol=6 | dir=in | name=trend micro officescan listener |

"{64333325-06C7-4AF2-8E86-FF87C7B48489}" = lport=138 | protocol=17 | dir=in | app=system |

"{65BA2E7F-7332-46CB-8D59-0513359122AC}" = rport=137 | protocol=17 | dir=out | app=system |

"{6E1EFA56-AF29-41A8-A9BD-D4AC6EE87517}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{7BFB6816-C3B6-4529-AEBD-FE769BA9D48A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C6CD7FD-4A07-4A38-9820-11354D66C799}" = lport=60303 | protocol=6 | dir=in | name=trend micro officescan listener |

"{8C00E67E-B42B-47F6-8FDC-EDF95B62B143}" = lport=139 | protocol=6 | dir=in | app=system |

"{DDFF753A-F282-40A6-98CF-5DF533D583EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{DE9B524D-0C05-4106-9375-6AD78C359E1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F990E784-71AB-407B-A09B-A0AEB62A954C}" = rport=139 | protocol=6 | dir=out | app=system |

"{FAEE3762-368E-4529-B886-4A623576F6F6}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0ED330EF-CD87-4D1A-AB9A-8C23C6529A6C}" = dir=in | app=c:\users\jonathang\appdata\local\microsoft\skydrive\skydrive.exe |

"{1358487E-6EFE-4D32-9591-06A0501AD3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{16D21015-0913-427D-9A52-B0A870DA5F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{2BA733A7-D3DB-4100-B75E-F926F852EF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |

"{44FBE3C6-0C03-4F13-802B-6E0A0C72D3BE}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |

"{5F02085B-4DEA-427F-A922-84B101EEC7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{5F5DDB47-F502-4C07-8401-96F515569CE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{64632FFB-9820-44BC-AA09-8CF0C2C898AC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |

"{6D32AA97-DF97-4DC3-AC11-078A3C9F24F0}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ghostsrv.exe |

"{6F3E74C0-D56A-4F2D-95BA-2EA12FA32385}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |

"{796DC5B6-3723-4AC2-A37B-B797E49EBED4}" = protocol=17 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe |

"{82F0B269-FD0C-4627-8802-835A3BE178E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{9E6A791C-2374-4FF3-860E-3D5D530DD568}" = protocol=6 | dir=in | app=c:\program files\teamtalk4\teamtalk4.exe |

"{ACD709AB-0EB4-4C13-8C26-911658A35A3E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"{B1AC695A-DC72-4FDE-B7F9-B11E8CEBE2FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\dwrcs.exe |

"{B8807862-9DBA-462A-BE52-EFEEFCD2E925}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{BA10D1B5-9C1E-4D05-82BC-011EA055B3D3}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\ghost\ngserver.exe |

"{BAE00A80-5FCF-4EB1-BFDF-F9D9A87D1FE4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{BF36351A-09AE-4CA7-A175-DCA62289A897}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{D29BA67F-6AF8-49AB-A796-A19DECE2EBBD}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\ghost\ghostsrv.exe |

"{D42A13CE-8EBD-490F-8D8C-64B4EFC51B34}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{E307D3A6-8483-4F49-8A51-FF979828573A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |

"TCP Query User{0F29C952-5A8A-482B-A09B-E4334CEA143D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"TCP Query User{28FB4876-3318-4C2C-8972-3C5C08B9E794}C:\program files (x86)\sap\frontend\sapgui\saplgpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sap\frontend\sapgui\saplgpad.exe |

"UDP Query User{121CB841-89B2-4EA4-A967-7B994EBAAD3D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

"UDP Query User{5DB45AE7-A84E-4245-826B-0C43E0648D49}C:\program files (x86)\sap\frontend\sapgui\saplgpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sap\frontend\sapgui\saplgpad.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel® PROSet/Wireless WiFi Software

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE16E275-3784-461D-9BA0-7310C8826050}" = Dell ControlVault Host Components Installer 64 bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"PROSetDX" = Intel® Network Connections 16.5.2.0

"TeamTalk4_is1" = TeamTalk 4

"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard

"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver

"{1611A5CF-50B8-4669-98BF-087A28A8CB49}" = Microsoft Conferencing Add-in for Microsoft Office Outlook

"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{30ECE66A-C503-4E88-9E3D-4962F568C05E}" = IXOS-eCON Clients Languages

"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15

"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4CAFC761-61D3-4C6E-98BE-AFA292050EF4}" = DameWare Mini Remote Control

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5

"{59F1FCCB-1523-423E-9ECE-4DAC8F329007}" = ShoreTel Communicator

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010

"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.STANDARD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.STANDARD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.STANDARD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.STANDARD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A172C9C8-1C70-11D6-A246-0001020BC164}" = IXOS-eCON Clients

"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0

"{BE8585BF-DC7A-4AE0-0A2E-000007493152}" = Symantec Ghost Console and Standard Tools

"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)

"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update

"{E518C80C-C549-40E1-844C-669ED64195D3}" = FTP Surfer

"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"ArtiosCAD Viewer" = ArtiosCAD Viewer

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"DAEMON Tools Lite" = DAEMON Tools Lite

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"ImgBurn" = ImgBurn

"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"mIRC" = mIRC

"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.STANDARD" = Microsoft Office Standard 2010

"Pidgin" = Pidgin

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"Revo Uninstaller" = Revo Uninstaller 1.94

"SAPGUI710" = SAP GUI for Windows 7.20

"SystemTools DumpSec" = SystemTools DumpSec

"TeamViewer 8" = TeamViewer 8

"Vivitar Experience Image Manager" = Vivitar Experience Image Manager

"VLC media player" = VLC media player 2.0.3

"WebcamMax" = WebcamMax

"Winamp" = Winamp

"Wootalyzer" = Wootalyzer!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"07c83f7d54f0ed58" = Client

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Akamai" = Akamai NetSession Interface

"SkyDriveSetup.exe" = Microsoft SkyDrive

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/20/2012 7:31:41 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1078 Start

Time: 01cdc776fd22b5d5 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 6c0c955f-336a-11e2-833b-9cb70deb5e99

Error - 11/20/2012 7:32:00 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1b7c Start

Time: 01cdc77732acae0b Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 78600dd1-336a-11e2-833b-9cb70deb5e99

Error - 11/20/2012 7:40:47 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 2f8 Start

Time: 01cdc7773dd8bd81 Termination Time: 15 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: b246d33b-336b-11e2-833b-9cb70deb5e99

Error - 11/20/2012 7:55:45 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 16.0.2.4680 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1514 Start

Time: 01cdc77a7c60f006 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: c99f723b-336d-11e2-833b-9cb70deb5e99

Error - 11/21/2012 10:54:28 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10

Description =

Error - 11/21/2012 10:55:06 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5

Description =

Error - 11/21/2012 11:07:11 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10

Description =

Error - 11/21/2012 11:07:49 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5

Description =

Error - 11/21/2012 11:23:04 AM | Computer Name = SZMISLAPTOP.bc.com | Source = WinMgmt | ID = 10

Description =

Error - 11/21/2012 11:23:25 AM | Computer Name = SZMISLAPTOP.bc.com | Source = KIXTART | ID = 5

Description =

Error - 11/21/2012 11:31:14 AM | Computer Name = SZMISLAPTOP.bc.com | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 17.0.0.4706 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: a7c Start

Time: 01cdc7fced0c821a Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 7829468a-33f0-11e2-818d-9cb70deb5e99

[ System Events ]

Error - 11/20/2012 1:37:51 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319

Description = A duplicate name has been detected on the TCP network. The IP address

of the computer that sent the message is in the data. Use nbtstat -n in a command

window to see which name is in the Conflict state.

Error - 11/20/2012 1:38:01 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319

Description = A duplicate name has been detected on the TCP network. The IP address

of the computer that sent the message is in the data. Use nbtstat -n in a command

window to see which name is in the Conflict state.

Error - 11/20/2012 1:38:02 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319

Description = A duplicate name has been detected on the TCP network. The IP address

of the computer that sent the message is in the data. Use nbtstat -n in a command

window to see which name is in the Conflict state.

Error - 11/20/2012 6:56:54 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10010

Description =

Error - 11/20/2012 8:03:01 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10010

Description =

Error - 11/21/2012 5:08:57 PM | Computer Name = SZMISLAPTOP.bc.com | Source = Microsoft-Windows-GroupPolicy | ID = 1054

Description = The processing of Group Policy failed. Windows could not obtain the

name of a domain controller. This could be caused by a name resolution failure.

Verify your Domain Name System (DNS) is configured and working correctly.

Error - 11/21/2012 6:53:50 PM | Computer Name = SZMISLAPTOP.bc.com | Source = DCOM | ID = 10006

Description =

Error - 11/26/2012 10:56:00 AM | Computer Name = SZMISLAPTOP.bc.com | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain BCC due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 11/26/2012 2:47:14 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NetBT | ID = 4319

Description = A duplicate name has been detected on the TCP network. The IP address

of the computer that sent the message is in the data. Use nbtstat -n in a command

window to see which name is in the Conflict state.

Error - 11/26/2012 5:26:42 PM | Computer Name = SZMISLAPTOP.bc.com | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain BCC due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] C:\Users\jonathang\AppData\Roaming\taupse.dll ()
    [2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Uckag
    [2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Suobuz
    [2012/11/26 06:57:57 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Pohiap
    [2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Yfseic
    [2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Evki
    [2012/11/20 14:54:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Akufi
    [2012/10/29 08:05:41 | 000,166,400 | ---- | C] (PixArt Imaging Incorporation) -- C:\Users\jonathang\AppData\Roaming\apstcs.dll
    [2012/12/03 07:11:10 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx
    [2012/11/02 06:57:22 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\wsabrt.dll
    [2012/11/02 06:54:59 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\pobnet.dll
    [2012/11/02 06:53:33 | 000,003,960 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\vcatm.dll
    [2012/10/29 08:06:31 | 000,466,432 | ---- | C] () -- C:\Users\jonathang\AppData\Roaming\taupse.dll
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Here is the log

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Run\\taupse deleted successfully.

C:\Users\jonathang\AppData\Roaming\taupse.dll moved successfully.

C:\Users\jonathang\AppData\Roaming\Uckag folder moved successfully.

C:\Users\jonathang\AppData\Roaming\Suobuz folder moved successfully.

C:\Users\jonathang\AppData\Roaming\Pohiap folder moved successfully.

C:\Users\jonathang\AppData\Roaming\Yfseic folder moved successfully.

C:\Users\jonathang\AppData\Roaming\Evki folder moved successfully.

C:\Users\jonathang\AppData\Roaming\Akufi folder moved successfully.

C:\Users\jonathang\AppData\Roaming\apstcs.dll moved successfully.

C:\Users\jonathang\AppData\Local\chromeupdate.crx moved successfully.

C:\Users\jonathang\AppData\Roaming\wsabrt.dll moved successfully.

C:\Users\jonathang\AppData\Roaming\pobnet.dll moved successfully.

C:\Users\jonathang\AppData\Roaming\vcatm.dll moved successfully.

File C:\Users\jonathang\AppData\Roaming\taupse.dll not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\jonathang\Desktop\cmd.bat deleted successfully.

C:\Users\jonathang\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: jonathang

->Temp folder emptied: 419561577 bytes

->Temporary Internet Files folder emptied: 151504809 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 362726893 bytes

->Flash cache emptied: 22080 bytes

User: Public

User: user

->Temp folder emptied: 32799 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: user.szmislaptop

->Temp folder emptied: 33737 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: v00sb2

->Temp folder emptied: 3483136 bytes

->Temporary Internet Files folder emptied: 7924204 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 245887426 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72702 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,136.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12042012_071307

Files\Folders moved on Reboot...

C:\Users\jonathang\AppData\Local\Temp\ExchangePerflog_8484fa31604fd3c3cfcccd43.dat moved successfully.

C:\Users\jonathang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33447FC6-FE77-4A86-AFF8-B2307EF6BE32}.tmp not found!

File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5AAD09F4-3B05-41A7-8480-69C3D2178824}.tmp not found!

File\Folder C:\Users\jonathang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6ECE1367-A0E5-434D-93A2-9A89F34658BB}.tmp not found!

File move failed. C:\windows\temp\asat0000.tmp scheduled to be moved on reboot.

File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL won't give me an extras file anymore. I've followed the instructions exactly as listed above and tried several times, but no extras at all, only the OTL log. Not sure what changed.

OTL logfile created on: 12/6/2012 7:08:44 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jonathang\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.88 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.77% Memory free

7.77 Gb Paging File | 5.94 Gb Available in Paging File | 76.48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 210.28 Gb Free Space | 70.57% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 86.23 Mb Free Space | 86.24% Space Free | Partition Type: NTFS

Computer Name: SZMISLAPTOP | User Name: E127811 | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2012/12/05 07:10:43 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe

PRC - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/11/20 07:00:29 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

PRC - [2012/11/17 06:10:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

PRC - [2011/12/09 09:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010/11/17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/08/23 06:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

PRC - [2010/08/13 16:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe

PRC - [2010/08/06 13:52:40 | 000,085,528 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE

PRC - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE

PRC - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe

PRC - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe

PRC - [2009/12/24 20:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Ghost\ngtray.exe

PRC - [2009/12/24 18:18:46 | 000,073,728 | R--- | M] () -- C:\Program Files (x86)\Symantec\Ghost\db\..\bin\rteng9.exe

PRC - [2009/04/02 15:20:04 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2008/08/16 16:44:08 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/05 07:10:43 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/11/20 07:00:29 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

MOD - [2012/11/14 07:00:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll

MOD - [2012/11/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll

MOD - [2012/11/14 06:33:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012/11/14 06:32:46 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/14 06:32:42 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/14 06:32:32 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012/11/14 06:32:29 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012/11/14 06:32:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012/11/14 06:32:25 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/14 06:32:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2011/07/25 08:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2011/06/29 09:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2011/06/22 13:01:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)

SRV:64bit: - [2011/06/22 13:01:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)

SRV:64bit: - [2010/12/23 13:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/12/23 13:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)

SRV:64bit: - [2010/12/23 13:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/02/10 16:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/12/05 07:10:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/11/22 00:52:04 | 003,430,824 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012/11/20 07:00:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/08/31 07:36:18 | 000,134,456 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

SRV - [2011/08/08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/08/08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011/02/07 17:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/10/14 15:40:22 | 002,002,464 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)

SRV - [2010/10/14 15:30:30 | 001,938,424 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan)

SRV - [2010/08/06 13:52:38 | 000,242,200 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/07 09:44:48 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)

SRV - [2010/01/07 09:42:22 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2009/12/24 20:52:12 | 000,169,352 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe -- (NGDBSERV)

SRV - [2009/12/24 20:52:06 | 000,927,112 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Ghost\ngserver.exe -- (NGSERVER)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)

DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/26 07:24:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/22 11:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)

DRV:64bit: - [2011/07/20 08:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2011/06/28 02:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)

DRV:64bit: - [2011/06/22 13:01:46 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV:64bit: - [2011/05/26 09:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/03/23 12:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/03 11:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)

DRV:64bit: - [2010/12/21 08:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/11/08 17:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/09/30 11:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/09/30 11:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/07/21 12:47:40 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)

DRV:64bit: - [2010/07/21 12:47:16 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/05/09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007/05/09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2007/05/09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV:64bit: - [2007/02/15 01:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)

DRV - [2012/07/17 12:37:44 | 000,344,376 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)

DRV - [2012/07/17 12:37:16 | 000,042,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)

DRV - [2012/07/17 12:28:46 | 002,224,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.BC.COM;*BOISEINC.COM;*BOISEBUILDING.COM;*BOISEPAPER.COM;*BOISESPLOX.COM;*.DMSI.COM;jk*;*.imercer.com;<local>;*.ctcwaco.com;*.boiseaspen.com;*.boisecascadewellness.com;*polaris.com;*.boisehealthychoices.com;*.diverseearth.com;*.bctruck.com;*.boisetruck.com;*.hexacomb.*;*.falconboard.*;*.bcconnect.com

IE - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = BO00SPARRAY.BC.COM:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "mail.yahoo.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 07:10:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}: C:\Users\jonathang\AppData\Local\{99E47D2D-21E2-11E2-8271-B8AC6F996F26}\ [2012/10/29 08:06:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 07:10:39 | 000,000,000 | ---D | M]

[2012/11/26 09:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathang\AppData\Roaming\mozilla\Extensions

[2012/12/05 07:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/05 07:10:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll

[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll

[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll

[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysNative\ExplorerFrame.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [NGTray] C:\Program Files (x86)\Symantec\Ghost\ngtray.exe (Symantec Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.5.0_15\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [Akamai NetSession Interface] C:\Users\jonathang\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [skyDrive] C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] "C:\Windows\System32\rundll32.exe" "C:\Users\jonathang\AppData\Roaming\taupse.dll",AsString File not found

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\WebcamMax.exe (CoolwareMax)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\RunOnce: [uninstall C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jonathang\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_15\bin\ssv.dll (Sun Microsystems, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: dell.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812\..Trusted Domains: tharco.com ([slzts] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/T27L10NSP32EP5/support/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.10 10.1.2.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bc.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2DD49A-9ABB-4D68-9FC0-2556BF2BB748}: DhcpNameServer = 10.1.1.10 10.1.2.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998E82DF-15CC-4522-AD6D-706472B56844}: DhcpNameServer = 10.1.1.10 10.1.2.10

O18:64bit: - Protocol\Handler\ipp - No CLSID value found

O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found

O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/05 13:35:12 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ja

[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\tr

[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\nl

[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\hu

[2012/12/05 13:35:11 | 000,000,000 | ---D | C] -- C:\windows\SysNative\es

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\zh-CHT

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\zh-CHS

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\sv

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ru

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pl

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ko

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\it

[2012/12/05 13:35:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\fr

[2012/12/05 13:35:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\de

[2012/12/05 13:35:08 | 000,000,000 | ---D | C] -- C:\windows\SysNative\cs

[2012/12/05 13:35:07 | 000,000,000 | ---D | C] -- C:\windows\ADAM

[2012/12/05 07:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/12/04 07:13:07 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/12/03 08:16:37 | 000,000,000 | ---D | C] -- C:\mame

[2012/12/03 07:08:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe

[2012/11/30 08:55:02 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\TeamViewer

[2012/11/30 08:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2012/11/30 06:59:06 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\mbar

[2012/11/29 13:48:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr

[2012/11/26 13:14:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\log

[2012/11/26 13:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client

[2012/11/26 13:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/11/26 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Trend Micro

[2012/11/26 13:12:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/11/26 10:22:22 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Malwarebytes

[2012/11/26 10:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/26 10:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/26 10:22:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/11/26 10:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/11/26 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Mozilla

[2012/11/26 09:13:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/11/26 08:39:39 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data-1

[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2012/11/21 07:57:58 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/11/20 15:19:25 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\Old Firefox Data

[2012/11/20 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\jonathang\Desktop\9slf0ns3.default-1353453563337

[2012/11/14 16:33:20 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys

[2012/11/14 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable

[2012/11/14 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable

[2012/11/14 15:55:17 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client

[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Deployment

[2012/11/14 15:55:04 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Local\Apps

[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamTalk 4

[2012/11/14 13:13:35 | 000,000,000 | ---D | C] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk

[2012/11/14 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamTalk4

[2012/11/11 12:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX340 series

[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2012/11/11 12:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool

[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities

[2012/11/11 12:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

[2012/11/11 12:13:54 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING

[2012/11/11 12:13:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012/11/11 12:13:19 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information

[2012/11/11 12:12:37 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

========== Files - Modified Within 30 Days ==========

[2012/12/06 07:00:29 | 000,741,200 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/12/06 07:00:29 | 000,636,792 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/12/06 07:00:29 | 000,110,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/12/06 07:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/06 07:00:27 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/06 06:57:02 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/06 06:54:08 | 000,027,913 | ---- | M] () -- C:\windows\cfgall.ini

[2012/12/06 06:52:57 | 000,008,002 | RHS- | M] () -- C:\Users\jonathang\ntuser.pol

[2012/12/06 06:52:47 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/06 06:52:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/12/06 06:52:28 | 3127,652,352 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/05 15:54:51 | 000,002,220 | -H-- | M] () -- C:\Users\jonathang\Documents\Default.rdp

[2012/12/05 15:28:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/12/05 13:35:03 | 000,000,435 | ---- | M] () -- C:\windows\SysNative\dsac.exe.config

[2012/12/05 12:11:13 | 000,002,035 | ---- | M] () -- C:\Users\jonathang\Desktop\Documents.lnk

[2012/12/05 12:11:13 | 000,001,445 | ---- | M] () -- C:\Users\jonathang\Desktop\Phone Book.lnk

[2012/12/05 12:10:58 | 000,048,632 | ---- | M] () -- C:\Users\jonathang\Desktop\Pancake-bunnyfirst.jpg

[2012/12/05 10:47:12 | 000,002,172 | ---- | M] () -- C:\Users\jonathang\Desktop\foreman's office.udf

[2012/12/05 10:46:12 | 000,007,571 | ---- | M] () -- C:\Users\jonathang\Desktop\file room.udf

[2012/12/05 10:29:07 | 000,025,743 | ---- | M] () -- C:\Users\jonathang\Desktop\bookmarks-2012-12-05.json

[2012/12/04 07:15:59 | 000,006,463 | ---- | M] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx

[2012/12/03 07:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jonathang\Desktop\OTL.exe

[2012/12/03 06:59:57 | 000,436,760 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/11/30 08:59:41 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

[2012/11/29 13:48:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jonathang\Desktop\dds.scr

[2012/11/28 15:57:39 | 000,000,412 | ---- | M] () -- C:\Users\jonathang\Documents\spider.sav

[2012/11/26 13:13:19 | 000,002,920 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2012/11/26 10:23:15 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/26 09:13:27 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/21 07:57:59 | 000,001,279 | ---- | M] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk

[2012/11/21 07:21:14 | 000,002,661 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Outlook 2010.lnk

[2012/11/19 07:12:25 | 000,001,239 | ---- | M] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk

[2012/11/19 07:12:05 | 000,001,015 | ---- | M] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk

[2012/11/19 07:11:37 | 000,000,355 | ---- | M] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk

[2012/11/14 16:33:20 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\windows\SysNative\drivers\vrtaucbl.sys

[2012/11/14 13:13:35 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\TeamTalk.lnk

========== Files Created - No Company Name ==========

[2012/12/05 13:35:07 | 000,000,435 | ---- | C] () -- C:\windows\SysNative\dsac.exe.config

[2012/12/05 13:20:33 | 251,170,997 | ---- | C] () -- C:\Users\jonathang\Desktop\Windows6.1-KB958830-x64-RefreshPkg.msu

[2012/12/05 12:10:57 | 000,048,632 | ---- | C] () -- C:\Users\jonathang\Desktop\Pancake-bunnyfirst.jpg

[2012/12/05 10:47:12 | 000,002,172 | ---- | C] () -- C:\Users\jonathang\Desktop\foreman's office.udf

[2012/12/05 10:46:11 | 000,007,571 | ---- | C] () -- C:\Users\jonathang\Desktop\file room.udf

[2012/12/05 10:29:07 | 000,025,743 | ---- | C] () -- C:\Users\jonathang\Desktop\bookmarks-2012-12-05.json

[2012/12/04 07:15:59 | 000,006,463 | ---- | C] () -- C:\Users\jonathang\AppData\Local\chromeupdate.crx

[2012/11/30 08:59:41 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk

[2012/11/30 08:59:41 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

[2012/11/27 08:58:56 | 000,001,445 | ---- | C] () -- C:\Users\jonathang\Desktop\Phone Book.lnk

[2012/11/26 13:16:16 | 000,027,913 | ---- | C] () -- C:\windows\cfgall.ini

[2012/11/26 13:13:18 | 000,002,920 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2012/11/26 10:22:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/26 09:13:27 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/11/26 09:13:27 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/11/21 07:57:59 | 000,001,279 | ---- | C] () -- C:\Users\jonathang\Desktop\Revo Uninstaller.lnk

[2012/11/19 07:12:25 | 000,001,239 | ---- | C] () -- C:\Users\jonathang\Desktop\Master Computer Inventory - Shortcut.lnk

[2012/11/19 07:12:05 | 000,001,015 | ---- | C] () -- C:\Users\jonathang\Desktop\SAP Backup Tape Log - Shortcut.lnk

[2012/11/19 07:11:37 | 000,000,355 | ---- | C] () -- C:\Users\jonathang\Desktop\Computer - Shortcut.lnk

[2012/11/14 13:13:35 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\TeamTalk.lnk

[2012/11/14 05:13:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/14 05:03:58 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysWow64\CNC1741D.TBL

[2012/11/11 12:13:14 | 000,014,592 | ---- | C] () -- C:\windows\SysNative\CNC1741D.TBL

[2012/10/11 10:54:21 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll

[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin

[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin

[2012/09/27 13:13:31 | 000,000,245 | ---- | C] () -- C:\windows\ODBCINST.INI

[2012/09/10 09:53:23 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\h5menu32.dll

[2012/09/10 09:53:23 | 000,095,744 | ---- | C] () -- C:\windows\SysWow64\h5rtf32.dll

[2012/09/10 09:53:23 | 000,051,200 | ---- | C] () -- C:\windows\SysWow64\h5tool32.dll

[2012/09/10 09:53:22 | 001,064,960 | ---- | C] () -- C:\windows\SysWow64\h5krnl32.dll

[2012/09/10 09:53:22 | 000,188,928 | ---- | C] () -- C:\windows\SysWow64\h5icon32.dll

[2012/05/30 09:14:40 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\instsrv.exe

[2012/05/30 09:14:40 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\srvany.exe

[2012/05/07 12:54:51 | 000,011,622 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/05/07 12:13:44 | 000,001,198 | ---- | C] () -- C:\windows\SAPLOGON.INI

[2012/05/07 12:13:44 | 000,000,106 | ---- | C] () -- C:\windows\saproute.ini

[2012/05/07 12:13:44 | 000,000,059 | ---- | C] () -- C:\windows\sapini.dat

[2012/05/07 12:13:44 | 000,000,030 | ---- | C] () -- C:\windows\SAPMSG.INI

[2012/05/07 12:07:51 | 000,015,872 | ---- | C] () -- C:\windows\SysWow64\vtssm32.dll

[2012/05/07 11:42:19 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

[2012/05/07 10:39:25 | 000,008,002 | RHS- | C] () -- C:\Users\jonathang\ntuser.pol

[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/03/19 22:31:16 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/02/09 20:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/05 15:53:31 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\.purple

[2012/11/14 13:13:35 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\BearWare.dk

[2012/10/01 08:17:55 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DAEMON Tools Lite

[2012/06/02 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DameWare Development

[2012/06/02 21:58:36 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\DWMRCMSI

[2012/10/31 13:52:18 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\gtk-2.0

[2012/07/26 06:24:16 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ICAClient

[2012/07/27 13:18:14 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ImgBurn

[2012/08/29 12:46:31 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\PrimoPDF

[2012/12/05 07:28:41 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\SAP

[2012/09/06 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ScanSoft

[2012/12/05 08:15:19 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\ShoreWare Client

[2012/12/03 07:01:48 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\TeamViewer

[2012/09/09 09:35:46 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\WebcamMax

[2012/07/26 07:29:33 | 000,000,000 | ---D | M] -- C:\Users\jonathang\AppData\Roaming\wootalyzer

========== Purity Check ==========

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - File not found --
    O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] "C:\Windows\System32\rundll32.exe" "C:\Users\jonathang\AppData\Roaming\taupse.dll",AsString File not found
    :files
    C:\Users\jonathang\AppData\Roaming\taupse.dll
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Please try again with this script:

:OTL

O4 - HKU\S-1-5-21-2103336246-1785489273-1248796406-330812..\Run: [taupse] "C:\Windows\System32\rundll32.exe" "C:\Users\jonathang\AppData\Roaming\taupse.dll",AsString File not found

:files

C:\Users\jonathang\AppData\Roaming\taupse.dll

ipconfig /flushdns /c

:Commands

[emptytemp]


Here's the log

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2103336246-1785489273-1248796406-330812\Software\Microsoft\Windows\CurrentVersion\Run\\taupse deleted successfully.

========== FILES ==========

File\Folder C:\Users\jonathang\AppData\Roaming\taupse.dll not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\jonathang\Desktop\cmd.bat deleted successfully.

C:\Users\jonathang\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: jonathang

->Temp folder emptied: 5322456 bytes

->Temporary Internet Files folder emptied: 13195309 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 247550183 bytes

->Flash cache emptied: 5888 bytes

User: Public

User: user

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: user.szmislaptop

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: v00sb2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10510282 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 264.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12122012_073356

Files\Folders moved on Reboot...

C:\Users\jonathang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\windows\temp\asat0000.tmp scheduled to be moved on reboot.

File move failed. C:\windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.13.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

E127811 :: SZMISLAPTOP [administrator]

12/13/2012 9:09:19 AM

mbam-log-2012-12-13 (09-09-19).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 409470

Time elapsed: 58 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\jonathang\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
