
I have jRAT on my computer. What do I do to remove it? Please help


zion098


Hello zion098 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

OTL logfile created on: 12/17/2013 2:34:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ZION-KIDD\Downloads
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.95 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 66.75% Memory free
5.95 Gb Paging File | 4.99 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 285.02 Gb Total Space | 192.24 Gb Free Space | 67.45% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 31.14 Mb Free Space | 31.15% Space Free | Partition Type: NTFS
 
Computer Name: ZION-KIDD-PC | User Name: ZION-KIDD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/17 14:33:52 | 000,659,968 | ---- | M] (OldTimer Tools) -- C:\Users\ZION-KIDD\Downloads\OTL.exe
PRC - [2013/12/17 01:14:31 | 000,076,288 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
PRC - [2013/11/12 23:16:40 | 000,746,176 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
PRC - [2013/10/30 10:35:34 | 000,719,872 | ---- | M] () -- C:\Program Files\Appandora\AppandoraDeviceService.exe
PRC - [2013/10/08 23:51:11 | 001,011,792 | ---- | M] (337 Technology Limited.) -- C:\Program Files\Desk 365\desk365.exe
PRC - [2013/10/08 23:51:11 | 000,424,016 | ---- | M] (337 Technology Limited.) -- C:\Program Files\Desk 365\deskSvc.exe
PRC - [2013/09/03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/29 01:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/07/19 22:29:14 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013/07/19 22:28:58 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013/07/17 17:20:14 | 001,344,304 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/06/17 10:42:48 | 000,246,112 | ---- | M] () -- C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
PRC - [2013/06/04 01:28:14 | 000,221,184 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\explorer.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/13 08:48:02 | 000,526,248 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2013/03/13 08:48:00 | 003,458,968 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files\Sony\Content Manager Assistant\CMA.exe
PRC - [2013/03/07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2013/01/04 16:38:06 | 000,512,000 | ---- | M] () -- C:\Program Files\Visafone Internet\bin\MonServiceUDisk.exe
PRC - [2012/11/12 06:59:15 | 000,657,504 | ---- | M] () -- C:\ProgramData\visafone surf\OnlineUpdate\ouc.exe
PRC - [2012/10/12 21:31:18 | 001,826,816 | ---- | M] () -- C:\Program Files\Visafone Internet\Visafone Internet\Visafone Internet.exe
PRC - [2012/09/24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2012/09/22 15:21:00 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/08/29 15:22:38 | 000,174,080 | ---- | M] (Atheros Commnucations) -- C:\Windows\System32\AdminService.exe
PRC - [2012/08/25 09:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\sppsvc.exe
PRC - [2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/07/26 04:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012/07/26 04:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2012/07/26 04:20:44 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/07/26 04:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012/07/26 04:20:43 | 000,936,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
PRC - [2012/06/07 18:22:22 | 000,071,168 | ---- | M] () -- C:\Program Files\Visafone Internet\BGService.exe
PRC - [2012/06/07 18:21:05 | 000,167,936 | ---- | M] () -- C:\Program Files\Visafone Internet\DataCardService.exe
PRC - [2012/04/01 07:03:32 | 000,117,024 | ---- | M] (CometNetwork) -- C:\Program Files\CometBird\cometbird.exe
PRC - [2012/03/10 04:24:50 | 000,040,048 | ---- | M] (SparkLabs) -- C:\Program Files\WiTopia\WiTopiaService.exe
PRC - [2011/04/12 21:40:58 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/17 13:47:44 | 000,584,704 | ---- | M] () -- C:\Program Files\Appandora\sqlite3.dll
MOD - [2013/12/17 01:14:31 | 000,076,288 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
MOD - [2013/11/12 23:16:40 | 000,746,176 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
MOD - [2013/10/30 10:35:34 | 000,719,872 | ---- | M] () -- C:\Program Files\Appandora\AppandoraDeviceService.exe
MOD - [2013/10/30 10:35:30 | 000,376,832 | ---- | M] () -- C:\Program Files\Appandora\DuiLib.dll
MOD - [2013/10/08 23:51:12 | 000,232,016 | ---- | M] () -- C:\Program Files\Desk 365\edeskcmn.dll
MOD - [2013/10/08 23:51:12 | 000,146,512 | ---- | M] () -- C:\Program Files\Desk 365\enotify.dll
MOD - [2013/10/08 23:51:12 | 000,099,408 | ---- | M] () -- C:\Program Files\Desk 365\mbdet.dll
MOD - [2013/10/08 23:51:12 | 000,073,296 | ---- | M] () -- C:\Program Files\Desk 365\libpopdlg.dll
MOD - [2013/09/22 12:03:24 | 000,059,904 | ---- | M] () -- C:\Program Files\Appandora\zlib.dll
MOD - [2013/08/29 01:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/29 01:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/07/19 22:29:58 | 000,063,376 | ---- | M] () -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013/06/04 01:28:14 | 000,221,184 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\explorer.exe
MOD - [2013/03/23 03:10:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ed2a69139fec2cbd55d830ceb0db06c6\System.Configuration.ni.dll
MOD - [2013/03/23 03:10:02 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\992ee7239e962ebd76a111a1113f5d7a\Microsoft.VisualBasic.ni.dll
MOD - [2013/03/22 14:02:12 | 005,452,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a801272bc1990741b7b2f5dde3a57420\System.Xml.ni.dll
MOD - [2013/03/22 14:02:03 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5ba5657c270bdd2fde78ecda4c2ad910\System.Windows.Forms.ni.dll
MOD - [2013/03/22 14:01:52 | 001,592,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b8f373895aa19304a2cb6b888e298529\System.Drawing.ni.dll
MOD - [2013/03/22 14:01:50 | 006,656,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\1eb58eaab973ccadc97fb992c6a75181\System.Data.ni.dll
MOD - [2013/03/22 14:01:42 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\ccae9d6b17cd302da80ea7584a4c7326\System.Management.ni.dll
MOD - [2013/03/22 14:00:47 | 007,967,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6124280f8365d6683e54dd99742100f6\System.ni.dll
MOD - [2013/03/22 14:00:38 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\452f06494f05cb9d89325460550d1d62\mscorlib.ni.dll
MOD - [2013/03/07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013/01/23 15:03:56 | 000,181,840 | ---- | M] () -- C:\Program Files\Desk 365\libpng.dll
MOD - [2012/12/14 02:02:20 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2012/11/29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/10/12 21:31:18 | 001,826,816 | ---- | M] () -- C:\Program Files\Visafone Internet\Visafone Internet\Visafone Internet.exe
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/26 04:19:14 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2012/07/26 00:14:50 | 002,972,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/05 14:56:52 | 000,212,992 | ---- | M] () -- C:\Program Files\Visafone Internet\Visafone Internet\Modem.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/12/11 13:03:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 23:51:11 | 000,424,016 | ---- | M] (337 Technology Limited.) [Auto | Running] -- C:\Program Files\Desk 365\deskSvc.exe -- (desksvc)
SRV - [2013/09/03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/07/19 22:28:58 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013/07/17 17:20:14 | 001,344,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/06/17 10:42:48 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MTN F@stLink\UpdateDog\ouc.exe -- (MTN F@stLink. RunOuc)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2013/01/04 16:38:06 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Visafone Internet\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2012/12/14 02:02:14 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/12 06:59:15 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\visafone surf\UpdateDog\ouc.exe -- (visafone surf. RunOuc)
SRV - [2012/08/29 15:22:38 | 000,174,080 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Windows\System32\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/25 09:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\sppsvc.exe -- (SLSvc)
SRV - [2012/07/26 05:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:31:20 | 002,151,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012/07/26 04:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/26 04:20:30 | 001,536,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/07/26 04:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/26 04:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012/07/26 04:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/26 04:20:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2012/07/26 04:20:05 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 04:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/26 04:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/26 04:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/26 04:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/26 04:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/26 04:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/26 04:18:55 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012/07/26 04:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/26 04:18:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/26 04:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/26 04:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012/07/26 04:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/26 04:18:01 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012/07/26 04:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/26 04:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012/06/07 18:21:05 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Visafone Internet\DataCardService.exe -- (ALCATEL)
SRV - [2012/03/10 04:24:50 | 000,040,048 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)
SRV - [2011/04/12 21:40:58 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/12/02 15:59:08 | 000,038,926 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\CT_QUALCOMM_U_drv.sys -- (CT_QUALCOMM_U_drv)
DRV - [2013/07/19 22:12:38 | 000,043,120 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vpnva-6.sys -- (vpnva)
DRV - [2013/07/19 22:10:16 | 000,092,112 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acsock.sys -- (acsock)
DRV - [2013/01/20 07:00:58 | 000,036,040 | ---- | M] (AnchorFree Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012/12/03 12:21:04 | 000,205,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/12/03 11:39:10 | 000,379,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/10/30 05:42:16 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/10/29 12:42:46 | 000,070,272 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/10/26 11:06:48 | 000,108,544 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\CT_U_USBSER.sys -- (Generalusbserialser20679)
DRV - [2012/08/29 15:22:38 | 000,480,256 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\btfilter.sys -- (BtFilter)
DRV - [2012/08/20 01:54:20 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/08/20 01:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/08/20 01:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/26 05:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/26 04:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/26 04:48:33 | 000,121,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2012/07/26 04:48:29 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012/07/26 04:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/26 04:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/26 04:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/26 04:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/26 04:42:19 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2012/07/26 04:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/26 04:42:19 | 000,267,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2012/07/26 04:42:19 | 000,179,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012/07/26 04:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/26 04:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/26 04:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2012/07/26 04:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2012/07/26 04:42:15 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012/07/26 04:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/26 04:42:15 | 000,046,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/07/26 04:42:14 | 000,024,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/07/26 04:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012/07/26 04:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/26 04:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/26 04:39:55 | 000,023,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/26 04:39:35 | 000,057,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2012/07/26 04:39:13 | 000,030,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/26 04:34:01 | 000,199,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2012/07/26 04:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/26 04:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/26 04:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/26 04:30:33 | 000,028,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2012/07/26 03:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/26 03:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/26 03:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/26 03:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/26 03:35:48 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012/07/26 03:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/26 03:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/26 03:35:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/07/26 03:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/26 03:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/26 03:35:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usb80236.sys -- (usbrndis6)
DRV - [2012/07/26 03:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/26 03:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/26 03:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/26 03:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/26 03:34:16 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/07/26 03:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/26 03:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/26 03:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/26 03:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/07/26 03:33:37 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012/07/26 03:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/26 03:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/26 03:33:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/07/26 03:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/26 03:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/26 03:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/26 03:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/26 03:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/26 03:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/25 23:49:40 | 000,495,104 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Rt630x86.sys -- (RTL8168)
DRV - [2012/06/02 15:31:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2012/03/29 08:26:12 | 000,256,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2011/12/31 02:20:24 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadadb.sys -- (androidusb)
DRV - [2011/04/12 21:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbvoc.sys -- (evusbvoc)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbmdm.sys -- (evusbmdm)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbdiag.sys -- (evusbdiag)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbat.sys -- (evusbat)
DRV - [2010/11/10 10:02:38 | 000,064,512 | ---- | M] (HUAWEI Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HuaweiWiMAXUSB.sys -- (HuaweiWiMAXUSB)
DRV - [2010/10/19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\HECI.sys -- (MEI)
DRV - [2010/07/27 02:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST9320310AS_5WV101BAXXXX5WV101BA&ts=1382184582&type=default&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://african.howzit.msn.com/?rd=1&ucc=NG&dcc=NG&opt=0&ocid=iehp
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 3D 69 9C 95 10 CE 01  [binary data]
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={F4B3C059-FF5D-11E2-AFC0-CCAF78C1D24A}&crg=3.1010000.10039&st=23&ptr=100
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.backup.ftp: "46.14.211.177"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "46.14.211.177"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "46.14.211.177"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "82.220.3.15"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "82.220.3.15"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "82.220.3.15"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "82.220.3.15"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ZION-KIDD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ZION-KIDD\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ZION-KIDD\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2013/11/01 14:06:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/11/06 10:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 13:02:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 13:02:57 | 000,000,000 | ---D | M]
 
[2012/09/22 13:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Extensions
[2012/09/22 13:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/11/05 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Firefox\Profiles\y11vp9wg.default\extensions
[2012/09/22 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5huareha.default\extensions
[2013/10/19 15:57:47 | 000,006,227 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Firefox\Profiles\y11vp9wg.default\searchplugins\dokotoolbar.xml
[2013/12/16 11:29:37 | 000,004,120 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Firefox\Profiles\y11vp9wg.default\searchplugins\SweetIM Search.xml
[2013/12/11 13:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/11 13:02:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 13:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/11 13:02:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 13:03:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Google Wallet = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/26 05:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Appandora device service] C:\Program Files\Appandora\AppandoraDeviceService.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ZION-KIDD-PC] C:\Program Files\Java\jusched.exe File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [08f4dc96bbb7af09d1a37fe35c75a42f] C:\Users\ZION-KIDD\AppData\Local\Temp\explorer.exe ()
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [238e7f7108493dec7955402a2dd0d825] "C:\ProgramData\server.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [301b5fcf8ce2fab8868e80b6c1f912fe] "C:\Users\ZION-KIDD\AppData\Local\Temp\System.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [abdd6bfc0e8fddea8251d6f207eba15e] "C:\Users\ZION-KIDD\explorer.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [AdobeART] C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe ()
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Users\ZION-KIDD\AppData\Local\Temp\svchost.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [c1d0b9d0c2bd42e23f8e442128550693] "C:\Users\ZION-KIDD\AppData\Roaming\sys.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [Desk 365] C:\Program Files\Desk 365\desk365.exe (337 Technology Limited.)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [Facebook Update] C:\Users\ZION-KIDD\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [File] C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [ghizqwkyae] wscript.exe //B "C:\Users\ZION-K~1\AppData\Local\Temp\ghizqwkyae..vbs" File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log栀攀氀氀㌀㈀⸀搀氀氀Ⰰⴀ㈀㄀㠀㄀㌀ File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [MicroUpdate] C:\WINDOWS\system32\MSDCSC\msdcsc.exe File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [ZION-KIDD-PC] C:\Program Files\Java\jusched.exe File not found
O4 - Startup: C:\Users\ZION-KIDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08f4dc96bbb7af09d1a37fe35c75a42f.exe ()
O4 - Startup: C:\Users\ZION-KIDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\ZION-KIDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ghizqwkyae..vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BD9814F-8D72-433C-90A9-44E98EF1952B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32C8F054-4EA9-4FE6-B390-7CA389D1D3F1}: NameServer = 41.138.161.110 41.138.162.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F6F4FD0-41E9-48BE-BE14-92E206DB85EC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ABAA516-7DF0-4A79-AB0D-B36F065C33BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCDBC7A-3DD0-4220-8E84-DB0510A84DD8}: NameServer = 41.138.161.110 41.138.162.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8D9E3A0-BD5A-474E-846D-A79E54D2BD17}: NameServer = 41.138.161.110 41.138.162.110
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/10/20 22:39:09 | 000,000,031 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08187f93-c9eb-11e2-afaf-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{08187f93-c9eb-11e2-afaf-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{0dcfbbec-2a2d-11e3-afdb-9d83ea875333}\Shell - "" = AutoRun
O33 - MountPoints2\{0dcfbbec-2a2d-11e3-afdb-9d83ea875333}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{0fcb74b4-02ee-11e2-a814-e66fc97bf6c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcb74b4-02ee-11e2-a814-e66fc97bf6c6}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{0fcb74bc-02ee-11e2-a814-e66fc97bf6c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcb74bc-02ee-11e2-a814-e66fc97bf6c6}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{12cb08e6-4d3a-11e3-aff5-94ef83774df8}\Shell - "" = AutoRun
O33 - MountPoints2\{12cb08e6-4d3a-11e3-aff5-94ef83774df8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{1318e2a4-c9de-11e2-afae-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{1318e2a4-c9de-11e2-afae-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{1318e2c8-c9de-11e2-afae-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{1318e2c8-c9de-11e2-afae-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{14e82264-d970-11e2-afb6-001e101f9f74}\Shell - "" = AutoRun
O33 - MountPoints2\{14e82264-d970-11e2-afb6-001e101f9f74}\Shell\AutoRun\command - "" = "H:\AutoRun.exe"
O33 - MountPoints2\{14e8228e-d970-11e2-afb6-001e101f0838}\Shell - "" = AutoRun
O33 - MountPoints2\{14e8228e-d970-11e2-afb6-001e101f0838}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{14e82316-d970-11e2-afb6-001e101f0838}\Shell - "" = AutoRun
O33 - MountPoints2\{14e82316-d970-11e2-afb6-001e101f0838}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{274c1f8c-d647-11e2-afb4-001e101f10b3}\Shell - "" = AutoRun
O33 - MountPoints2\{274c1f8c-d647-11e2-afb4-001e101f10b3}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{274c2169-d647-11e2-afb4-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{274c2169-d647-11e2-afb4-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{278ded0e-96e4-11e2-af9f-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{278ded0e-96e4-11e2-af9f-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Setup.exe"
O33 - MountPoints2\{29173eb6-da78-11e2-afb7-001e101f870a}\Shell - "" = AutoRun
O33 - MountPoints2\{29173eb6-da78-11e2-afb7-001e101f870a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{2917454c-da78-11e2-afb7-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{2917454c-da78-11e2-afb7-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{5524b82f-381f-11e3-afe4-cc136bdc5630}\Shell - "" = AutoRun
O33 - MountPoints2\{5524b82f-381f-11e3-afe4-cc136bdc5630}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{64b639cd-8647-11e2-8db7-e9eaaadab183}\Shell - "" = AutoRun
O33 - MountPoints2\{64b639cd-8647-11e2-8db7-e9eaaadab183}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{64b639e1-8647-11e2-8db7-e9eaaadab183}\Shell - "" = AutoRun
O33 - MountPoints2\{64b639e1-8647-11e2-8db7-e9eaaadab183}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{64b63b39-8647-11e2-8db7-e9eaaadab183}\Shell - "" = AutoRun
O33 - MountPoints2\{64b63b39-8647-11e2-8db7-e9eaaadab183}\Shell\AutoRun\command - "" = "F:\Setup.exe" /Auto
O33 - MountPoints2\{8de641d1-1658-11e3-afd2-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{8de641d1-1658-11e3-afd2-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{91e1cc2d-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1cc2d-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Setup.exe" /Auto
O33 - MountPoints2\{91e1d2c6-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d2c6-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{91e1d305-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d305-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{91e1d5f1-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d5f1-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{91e1d816-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d816-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{9c677752-ce7b-11e2-afb1-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{9c677752-ce7b-11e2-afb1-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{9c677787-ce7b-11e2-afb1-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{9c677787-ce7b-11e2-afb1-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{aadc528e-b9bf-11e2-afaa-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{aadc528e-b9bf-11e2-afaa-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\CMADownloader.exe"
O33 - MountPoints2\{cde6ddcd-d5b3-11e2-afb3-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6ddcd-d5b3-11e2-afb3-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{cde6de29-d5b3-11e2-afb3-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6de29-d5b3-11e2-afb3-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{cde6dfed-d5b3-11e2-afb3-001e101f96e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6dfed-d5b3-11e2-afb3-001e101f96e8}\Shell\AutoRun\command - "" = "H:\AutoRun.exe"
O33 - MountPoints2\{cde6e03f-d5b3-11e2-afb3-001e101f96e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6e03f-d5b3-11e2-afb3-001e101f96e8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{cde6e12b-d5b3-11e2-afb3-001e101f96e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6e12b-d5b3-11e2-afb3-001e101f96e8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{d152799f-ff31-11e2-afc0-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{d152799f-ff31-11e2-afc0-ccaf78c1d24a}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{d5165486-c50b-11e2-afac-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{d5165486-c50b-11e2-afac-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{dc712142-58bd-11e2-92fd-ad3bac846417}\Shell - "" = AutoRun
O33 - MountPoints2\{dc712142-58bd-11e2-92fd-ad3bac846417}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{eeac1b4d-dea2-11e2-afb9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeac1b4d-dea2-11e2-afb9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{eeac27b0-dea2-11e2-afb9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeac27b0-dea2-11e2-afb9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{eeac27c5-dea2-11e2-afb9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeac27c5-dea2-11e2-afb9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{f1805ccd-d72a-11e2-afb5-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{f1805ccd-d72a-11e2-afb5-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{f1805d26-d72a-11e2-afb5-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{f1805d26-d72a-11e2-afb5-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{f1805e2c-d72a-11e2-afb5-001e101f26b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f1805e2c-d72a-11e2-afb5-001e101f26b9}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{fcc11a41-3a28-11e3-afe9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{fcc11a41-3a28-11e3-afe9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/17 13:49:12 | 000,056,320 | ---- | C] (SOFTWIN S.R.L.) -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeARTSrv.exe
[2013/12/17 11:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/12/17 01:14:32 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Microsoft
[2013/12/16 00:33:39 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\AppData\Roaming\Malwarebytes
[2013/12/16 00:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/15 21:46:00 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\Tyga_Medusa
[2013/12/11 13:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/11 08:48:05 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\HOLY GRAIL- HOV
[2013/12/11 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\KSA
[2013/12/02 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\cminstaller
[2013/11/18 12:42:40 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\ANZ
[2013/11/17 22:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2013/11/06 00:10:18 | 001,775,000 | ---- | C] (Mozilla Foundation) -- C:\Users\ZION-KIDD\AppData\Roaming\nss3.dll
[2013/11/06 00:10:18 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Users\ZION-KIDD\AppData\Roaming\msvcr100.dll
[2013/11/06 00:10:18 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\ZION-KIDD\AppData\Roaming\msvcp100.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\ZION-KIDD\Desktop\*.tmp files -> C:\Users\ZION-KIDD\Desktop\*.tmp -> ]
[1 C:\Users\ZION-KIDD\AppData\Roaming\*.tmp files -> C:\Users\ZION-KIDD\AppData\Roaming\*.tmp -> ]
[1 C:\Users\ZION-KIDD\*.tmp files -> C:\Users\ZION-KIDD\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2018/08/27 07:11:05 | 000,132,165 | ---- | M] () -- C:\WINDOWS\System32\slmgr.vbs
[2013/12/17 14:33:48 | 000,056,320 | ---- | M] (SOFTWIN S.R.L.) -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeARTSrv.exe
[2013/12/17 14:17:49 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/17 13:48:44 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/17 13:46:55 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/17 13:46:53 | 294,145,641 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/12/17 13:46:50 | 2376,482,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/17 12:45:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 12:35:25 | 000,398,005 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\KEVIN COLBERT-INSURANCE-DOCUMENT-YET TO PAY.jpg
[2013/12/17 11:58:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000UA.job
[2013/12/17 11:10:02 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000UA.job
[2013/12/17 01:25:10 | 000,120,257 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\webmail.htm
[2013/12/17 01:25:08 | 000,114,502 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\IMPORTANT DOCUMENT.HTML
[2013/12/17 01:25:08 | 000,114,227 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\g.html
[2013/12/17 01:25:07 | 000,122,952 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\Barclays Login Form.html
[2013/12/17 01:24:04 | 000,160,873 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\update1.html
[2013/12/17 01:24:04 | 000,159,380 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\update.html
[2013/12/17 01:24:03 | 000,145,573 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\signin.blackboard.edu.htm
[2013/12/17 01:24:03 | 000,126,789 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\servlet.htm
[2013/12/17 01:24:03 | 000,122,216 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\t-onlinemesaage.html
[2013/12/17 01:24:03 | 000,119,499 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\secure.online-login.htm
[2013/12/17 01:24:03 | 000,115,118 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Santander_Messg.html
[2013/12/17 01:24:02 | 000,138,299 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\proofingEvent.html
[2013/12/17 01:24:02 | 000,127,725 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\online.html
[2013/12/17 01:24:02 | 000,123,546 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\outlook.html
[2013/12/17 01:24:02 | 000,118,225 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\pnc.html
[2013/12/17 01:23:51 | 000,114,237 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\NewRDP_Message.html
[2013/12/17 01:23:15 | 000,117,048 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\msg_pnc.html
[2013/12/17 01:23:13 | 000,123,017 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\login.jsp.htm
[2013/12/17 01:23:13 | 000,120,957 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\login.jsp.html
[2013/12/17 01:23:13 | 000,116,239 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\login.html
[2013/12/17 01:23:12 | 000,117,296 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\inde6x.htm
[2013/12/17 01:23:11 | 000,180,600 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\gmail_verification.html
[2013/12/17 01:23:11 | 000,114,493 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Gmail-Messge.htm
[2013/12/17 01:22:39 | 000,120,299 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\BOA_MESAGE.HTM
[2013/12/17 01:22:39 | 000,119,905 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Bank of America.html
[2013/12/17 01:22:39 | 000,114,579 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\AOL_Messg.htm
[2013/12/17 01:22:39 | 000,114,483 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\AOL-Messge.htm
[2013/12/17 01:22:38 | 000,136,334 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Alibaba-Secure-Data.html
[2013/12/17 01:22:37 | 000,129,744 | ---- | M] () -- C:\Users\ZION-KIDD\application.aspx.htm
[2013/12/17 01:22:37 | 000,129,722 | ---- | M] () -- C:\Users\ZION-KIDD\application.aspx2.htm
[2013/12/17 01:14:31 | 000,076,288 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
[2013/12/16 17:48:37 | 001,084,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/16 17:48:37 | 000,248,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/16 17:10:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000Core.job
[2013/12/13 12:56:53 | 000,006,899 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\doctor kelly.jpg
[2013/12/12 18:58:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000Core.job
[2013/12/11 23:21:59 | 000,002,232 | -H-- | M] () -- C:\Users\ZION-KIDD\Documents\Default.rdp
[2013/12/09 22:29:19 | 000,202,269 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\File.jar
[2013/12/09 22:29:14 | 000,209,169 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\2043479783.jar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\ZION-KIDD\Desktop\*.tmp files -> C:\Users\ZION-KIDD\Desktop\*.tmp -> ]
[1 C:\Users\ZION-KIDD\AppData\Roaming\*.tmp files -> C:\Users\ZION-KIDD\AppData\Roaming\*.tmp -> ]
[1 C:\Users\ZION-KIDD\*.tmp files -> C:\Users\ZION-KIDD\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/17 12:12:39 | 000,398,005 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\KEVIN COLBERT-INSURANCE-DOCUMENT-YET TO PAY.jpg
[2013/12/17 01:14:32 | 000,076,288 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
[2013/12/13 12:56:49 | 000,006,899 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\doctor kelly.jpg
[2013/12/11 22:58:56 | 000,119,499 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\secure.online-login.htm
[2013/12/09 22:29:17 | 000,202,269 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Roaming\File.jar
[2013/12/09 22:29:13 | 000,209,169 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Roaming\2043479783.jar
[2013/12/03 19:38:50 | 000,180,600 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\gmail_verification.html
[2013/11/12 23:07:31 | 000,053,152 | ---- | C] () -- C:\WINDOWS\System32\USBCoInstaller.dll
[2013/09/16 15:58:08 | 000,012,015 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/08/07 13:36:29 | 001,344,304 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2013/06/11 08:51:21 | 000,005,632 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 13:45:31 | 000,025,183 | ---- | C] () -- C:\Users\ZION-KIDD\page.php
[2013/04/29 08:43:48 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/04/29 08:43:48 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/04/29 08:43:48 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/03/22 13:11:24 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/03/03 23:49:17 | 000,003,851 | ---- | C] () -- C:\Users\ZION-KIDD\utulsa.asl
[2013/02/21 15:21:06 | 000,000,600 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Local\PUTTY.RND
[2013/01/10 09:49:01 | 000,005,642 | ---- | C] () -- C:\Users\ZION-KIDD\init.php
[2012/12/14 02:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\System32\igcodeckrng600.bin
[2012/12/14 02:02:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IccLibDll.dll
[2012/12/14 02:02:20 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\igdde32.dll
[2012/12/14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/12/14 02:02:20 | 000,000,268 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/12/14 02:02:16 | 000,272,928 | ---- | C] () -- C:\WINDOWS\System32\igvpkrng600.bin
[2012/12/14 01:49:51 | 000,121,625 | ---- | C] () -- C:\Users\ZION-KIDD\GIFTCARD.png
[2012/12/09 07:37:16 | 000,236,942 | ---- | C] () -- C:\Users\ZION-KIDD\MikEl.png
[2012/12/05 07:27:24 | 000,767,622 | ---- | C] () -- C:\Users\ZION-KIDD\Verizon_Remote.png
[2012/11/02 19:27:41 | 000,129,722 | ---- | C] () -- C:\Users\ZION-KIDD\application.aspx2.htm
[2012/11/02 19:27:30 | 000,123,769 | ---- | C] () -- C:\Users\ZION-KIDD\IFE_DVLOTTERY.png
[2012/11/02 19:04:56 | 000,129,744 | ---- | C] () -- C:\Users\ZION-KIDD\application.aspx.htm
[2012/11/02 19:03:58 | 000,126,637 | ---- | C] () -- C:\Users\ZION-KIDD\DVLOTTERY.STATE.GOV.png
[2012/11/02 18:20:20 | 000,041,168 | ---- | C] () -- C:\Users\ZION-KIDD\OLUMIDE.png
[2012/11/01 00:28:06 | 000,000,017 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Local\resmon.resmoncfg
[2012/09/28 22:08:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/09/22 13:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/08/29 15:22:38 | 000,246,804 | ---- | C] () -- C:\WINDOWS\System32\drivers\AtherosBT.bin
[2012/07/26 07:55:27 | 001,084,498 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/26 07:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/26 07:55:27 | 000,248,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/26 07:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/26 07:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/26 07:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012/07/26 07:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 07:00:17 | 000,364,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/26 02:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012/07/26 01:48:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012/07/25 21:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 21:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012/07/14 03:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012/06/02 21:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012/06/02 15:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/12/02 16:50:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/08/27 14:21:15 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/26 04:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/08/14 11:09:52 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\337
[2013/11/14 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Appandora
[2013/11/14 05:20:22 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\BitTorrent
[2012/09/29 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/06/09 07:38:26 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\CometNetwork
[2013/10/20 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\dclogs
[2013/10/09 08:46:41 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Desk 365
[2013/08/28 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\DMCache
[2013/05/31 13:01:33 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\EVDO_General
[2013/10/24 00:38:31 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\FileZilla
[2012/09/22 13:22:08 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Flock
[2013/08/28 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\IDM
[2013/09/16 15:32:28 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Juniper Networks
[2013/11/01 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\LimeWireTurbo
[2012/10/13 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\mjusbsp
[2013/05/01 20:37:18 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\OpenCandy
[2012/09/22 15:21:04 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Opera
[2013/07/18 00:05:15 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Research In Motion
[2013/07/10 09:34:29 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Syncios
[2013/12/16 14:39:58 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\TCLVDialer
[2013/05/01 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\TuneUp Software
[2013/10/09 19:01:25 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\TurboMailer
[2013/02/06 14:29:15 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\WiTopia
[2013/10/19 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\YourFileDownloader
[2013/08/22 12:12:36 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\ZTEEVDO
[2013/06/15 13:13:46 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\ZTEMTUI
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >


OTL Extras logfile created on: 12/17/2013 2:34:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ZION-KIDD\Downloads
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.95 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 66.75% Memory free
5.95 Gb Paging File | 4.99 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 285.02 Gb Total Space | 192.24 Gb Free Space | 67.45% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 31.14 Mb Free Space | 31.15% Space Free | Partition Type: NTFS
 
Computer Name: ZION-KIDD-PC | User Name: ZION-KIDD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Classes\<extension>]
.html [@ = CometBirdHTML] -- C:\Program Files\CometBird\cometbird.exe (CometNetwork)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B85BFB-708C-4EE3-AC59-EF27B951BF44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{023556E0-A583-4843-8FD0-0D061EED2AA3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{0AA69021-97C6-4603-B7A8-69231D31186A}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F057B46-D9EB-4E73-BB31-C0CE25A4FEC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ADAD0FD-4205-42EF-B70A-2C14C37334C7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{26F47EE9-49EB-40EA-B680-449BD92CEACA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28016524-D374-4709-ABA7-6A9CE3FE755C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A06C45B-459F-491B-B41A-41A78385CC4C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3C716582-12E0-48AD-A857-3F937964E528}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{48A62332-996B-47BE-8BAC-A320EBEC08B9}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{498BC480-1F47-4268-9B39-C9A363A43BF1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{612FFA0B-43C3-4988-B59E-2F75CA3E89BC}" = lport=138 | protocol=17 | dir=in | app=system |
"{6A196913-F80A-447D-A798-01E1B84C3DE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BE672C6-140C-4FA9-A55C-4D9C7BA94C08}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{89118502-9F91-4965-BABE-CD4B3EB5E0F2}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{8D2B9A2A-6C5F-4384-8449-5E4246A43E62}" = lport=139 | protocol=6 | dir=in | app=system |
"{94DF1CDF-E929-4E8E-B045-A837BACAA803}" = rport=137 | protocol=17 | dir=out | app=system |
"{96D65B4D-C034-4F2F-9CC0-F77CD91941BA}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{9A6176A8-7EDF-4092-96EB-80A0582A736E}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{A121F294-1DD5-4CE2-B58A-E65EDEFE72FD}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{AA71D467-A4CB-49E6-9DBF-9AD74C52504B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF311BDF-B9E5-4DCF-A3B0-AE5800944C07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B80705B3-57E6-4C73-991F-F7D25FC303C8}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{C0195186-3C90-4ECD-8927-F80EFB96B632}" = lport=137 | protocol=17 | dir=in | app=system |
"{C03D7247-B098-4F4B-A3B5-510228557477}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC8F5E30-3DA9-4B19-AE9A-C6FF9F63EC41}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EFEAE297-1E9F-44A9-BF30-3B241F52CFD3}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F157E6D1-F299-4A65-9F29-235C6F93DFB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09D861E1-C130-429C-895A-64799F294DF3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{0CA6EB1F-523F-42CA-A650-E6E758FD0E63}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1D3E3EEA-5030-4D67-883D-B072B8F2C05B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{207C0241-C03E-4459-BF0D-2B87E9F5F17B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{27D6DB1A-72F2-4D37-BF8D-C6EB21E93DE2}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |

"{2D6AB6BF-E85B-4053-849A-4CA99740B6C1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2DE5CF43-C2FE-4977-857A-FA84720A4C21}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3177F735-89D3-411D-B747-9D4583B1D83E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{328C8878-F674-4075-9C56-2E46C74B82E3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47E9DE3B-9BB1-4D4A-B9F2-665687EE7BC8}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{4B00F727-3400-49FE-90EB-E0ADCC196B21}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{55471E81-24DD-4B41-AB89-13E76B119BD8}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5D062759-CBF0-408A-B423-1634AEF5EFD8}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{5DD309EB-FB0F-4084-A1BE-223858FF335F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{63319627-AC36-4EC7-B1D6-CFC37929A721}" = dir=out | name=windows_ie_ac_001 |
"{6A331FF7-5AA6-44F4-AE3F-DB42F9BE6905}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{7BAC231C-4DE7-4EEA-A0BC-76F92A2EB1CF}" = dir=in | app=c:\users\zion-kidd\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{7D2C3EC9-93C8-425D-81E4-89008BEC2B3A}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |



"{91487760-4DE9-4AF2-A4CB-6B7A07CFF561}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{95E988B8-C4AD-4A2E-92A8-8A89B78C5318}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CECA979-436E-42B6-9DC5-CE6E0EDA46CB}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |


"{A96CDA0A-D7FB-4D87-AF41-5BE8A95A76B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B13A51B1-B25D-4FE4-88E4-952BC65CA033}" = protocol=6 | dir=in | app=c:\users\zion-kidd\appdata\roaming\bittorrent\bittorrent.exe |
"{B20B39BF-DED8-4C57-8B6E-80D2BF564115}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8B5933F-E6AA-4D62-826B-61B46E88637A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C01DC2B7-F9DB-40E2-810E-F3F0F499F248}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C43F63D7-88F9-435A-A93A-F11E9EA4B434}" = protocol=17 | dir=in | app=c:\users\zion-kidd\appdata\roaming\bittorrent\bittorrent.exe |

"{CCD3463D-AF30-4896-B955-BB1FF06D1B3C}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{CFF672EC-BAA7-46DA-9B26-2764EC65D634}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{DEDAED72-871C-4148-A586-F5188326CBE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DF64EB00-B2ED-4C88-8579-FEDB90532C10}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |

"{E0BA53F6-DA03-4F13-99FD-985C041E4CA4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |





"{F1F55C37-5BF7-4E05-A51D-59899935CED8}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |

"{FAEE073A-B5FD-4F05-9317-EF19E81F65D9}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{FCBDA852-77A6-4015-B736-15A792D7EE77}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{B2C72E9E-8557-4DE0-85A7-593D92203CA8}C:\users\zion-kidd\downloads\compressed\vip72socks\vip72socks.exe" = protocol=6 | dir=in | app=c:\users\zion-kidd\downloads\compressed\vip72socks\vip72socks.exe |
"TCP Query User{CCD084EE-B1AD-4C68-BA17-53F51D8377DC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F1FAF4D6-6405-4220-983B-D969B99B3270}C:\program files\wimaxcm\oma\wcmoma.exe" = protocol=6 | dir=in | app=c:\program files\wimaxcm\oma\wcmoma.exe |
"TCP Query User{F72EFAF5-A5D1-425E-B2FB-02B121C201D5}C:\users\zion-kidd\downloads\compressed\vip72socks\vip72socksrus.exe" = protocol=6 | dir=in | app=c:\users\zion-kidd\downloads\compressed\vip72socks\vip72socksrus.exe |
"UDP Query User{3C2EC1FD-6801-4596-A1E8-B064D68D1CE2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{5424333C-C4D8-42D7-9139-25A048092F5E}C:\users\zion-kidd\downloads\compressed\vip72socks\vip72socks.exe" = protocol=17 | dir=in | app=c:\users\zion-kidd\downloads\compressed\vip72socks\vip72socks.exe |
"UDP Query User{A93A863E-0AA9-4146-8CF6-67E811B60B22}C:\users\zion-kidd\downloads\compressed\vip72socks\vip72socksrus.exe" = protocol=17 | dir=in | app=c:\users\zion-kidd\downloads\compressed\vip72socks\vip72socksrus.exe |
"UDP Query User{CD3AF753-5A5D-4ED5-928E-A2211B1AEC01}C:\program files\wimaxcm\oma\wcmoma.exe" = protocol=17 | dir=in | app=c:\program files\wimaxcm\oma\wcmoma.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AEE4D51-3657-4F40-A689-533429CAEE0C}" = Virtual Router Plus
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29F6BF0C-3D0E-4480-8B55-85EDECE418FF}" = BlackBerry Device Software Updater
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{3BA67286-845D-46A7-9A58-FA8B7897BC34}_is1" = Appandora version 1.0.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC85673-668B-4CC4-8800-D28E29B77A90}" = Content Manager Assistant for PlayStation®
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}" = CM Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78091E3A-72FE-47D6-958E-294C014D52E4}" = BlackBerry Device Software v7.0.0 for the BlackBerry 9930 smartphone
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EC141DE-D310-4A57-B363-02E00627B3F0}" = Cisco AnyConnect Secure Mobility Client
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = etisalat Nigeria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1" = WiTopia
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}" = BBSAK
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8269ACA-8889-4C7B-9D70-3CECF45DE28D}" = BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Mass Sender 4.3" = Advanced Mass Sender 4.3
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"blackberrymastercontrolprogram" = BlackBerry Master Control Program 1.0.0
"BvSshClient" = Bitvise SSH Client 4.50 (remove only)
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CometBird 11.0 (x86 en-US)" = CometBird 11.0 (x86 en-US)
"Desk 365" = Desk 365
"DivX Setup" = DivX Setup
"FileZilla Client" = FileZilla Client 3.6.0.2
"Flock (2.6.1)" = Flock (2.6.1)
"Google Chrome" = Google Chrome
"HMA! Pro VPN" = HMA! Pro VPN 2.7.1.7
"Internet Download Manager" = Internet Download Manager
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"LimeWireTurbo" = LimeWireTurbo
"ListMotor_is1" = ListMotor 2.2
"Mobogenie" = Mobogenie
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTN F@stLink" = MTN F@stLink
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenVPN" = OpenVPN 2.1.4
"Opera 12.02.1578" = Opera 12.02
"SplitCam" = SplitCam
"TunnelBear" = TunnelBear 2.0.18.0
"Turbo-Mailer" = Turbo-Mailer
"Visafone Internet" = Visafone Internet
"visafone surf" = visafone surf
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WNLT" = SweetPacks Updater Service
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZTEWireless-101_is1" = Visafone Internet
"Zuma's Revenge!1.0" = Zuma's Revenge!
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/20/2013 9:44:36 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:36 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:37 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:38 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
Error - 5/20/2013 9:44:38 AM | Computer Name = ZION-KIDD-PC | Source = RasClient | ID = 20227
Description =
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12/17/2013 9:18:44 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 709 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12/17/2013 9:18:49 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 12/17/2013 9:18:49 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 12/17/2013 9:18:49 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 709 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
 (0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 12/17/2013 9:18:54 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 12/17/2013 9:18:54 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 12/17/2013 9:18:57 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
 .\HostConfigMgr.cpp Line: 1766 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
 Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 12/17/2013 9:19:16 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 12/17/2013 9:19:16 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 12/17/2013 9:19:16 AM | Computer Name = ZION-KIDD-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 9/29/2013 8:15:18 AM | Computer Name = ZION-KIDD-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the visafone
 surf. OUC service to connect.
 
Error - 9/29/2013 8:15:18 AM | Computer Name = ZION-KIDD-PC | Source = Service Control Manager | ID = 7000
Description = The visafone surf. OUC service failed to start due to the following
 error:   %%1053
 
Error - 9/30/2013 5:24:17 AM | Computer Name = ZION-KIDD-PC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 9/30/2013 5:24:24 AM | Computer Name = ZION-KIDD-PC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 51. The Windows SChannel error state is 900.
 
Error - 9/30/2013 8:05:01 PM | Computer Name = ZION-KIDD-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MTN
 F@stLink. OUC service to connect.
 
Error - 9/30/2013 8:05:01 PM | Computer Name = ZION-KIDD-PC | Source = Service Control Manager | ID = 7000
Description = The MTN F@stLink. OUC service failed to start due to the following
 error:   %%1053
 
Error - 9/30/2013 8:05:06 PM | Computer Name = ZION-KIDD-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the visafone
 surf. OUC service to connect.
 
Error - 9/30/2013 8:05:06 PM | Computer Name = ZION-KIDD-PC | Source = Service Control Manager | ID = 7000
Description = The visafone surf. OUC service failed to start due to the following
 error:   %%1053
 
Error - 10/1/2013 12:09:58 PM | Computer Name = ZION-KIDD-PC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 10.
 
Error - 10/1/2013 12:09:58 PM | Computer Name = ZION-KIDD-PC | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
 code is 10. The Windows SChannel error state is 12.
 
 
< End of report >
 


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as BitTorrent, LimeWireTurbo or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate fresh OTL log files.


OTL logfile created on: 12/17/2013 11:28:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ZION-KIDD\Downloads
 Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.95 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 47.12% Memory free
5.95 Gb Paging File | 4.38 Gb Available in Paging File | 73.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 285.02 Gb Total Space | 192.27 Gb Free Space | 67.46% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 31.14 Mb Free Space | 31.14% Space Free | Partition Type: NTFS
 
Computer Name: ZION-KIDD-PC | User Name: ZION-KIDD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/17 14:33:52 | 000,659,968 | ---- | M] (OldTimer Tools) -- C:\Users\ZION-KIDD\Downloads\OTL.exe
PRC - [2013/12/17 01:14:31 | 000,076,288 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
PRC - [2013/12/11 13:03:07 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/12 23:16:54 | 000,130,923 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\~nsu.tmp\Au_.exe
PRC - [2013/11/05 11:33:24 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/30 10:35:34 | 000,719,872 | ---- | M] () -- C:\Program Files\Appandora\AppandoraDeviceService.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\ZION-KIDD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/10/08 23:51:11 | 001,011,792 | ---- | M] (337 Technology Limited.) -- C:\Program Files\Desk 365\desk365.exe
PRC - [2013/10/08 23:51:11 | 000,424,016 | ---- | M] (337 Technology Limited.) -- C:\Program Files\Desk 365\deskSvc.exe
PRC - [2013/09/03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/29 01:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/07/19 22:29:14 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013/07/19 22:28:58 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013/07/17 17:20:14 | 001,344,304 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/06/17 10:42:48 | 000,246,112 | ---- | M] () -- C:\ProgramData\MTN F@stLink\OnlineUpdate\ouc.exe
PRC - [2013/06/04 01:28:14 | 000,221,184 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\explorer.exe
PRC - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2013/01/04 16:38:06 | 000,512,000 | ---- | M] () -- C:\Program Files\Visafone Internet\bin\MonServiceUDisk.exe
PRC - [2012/11/12 06:59:15 | 000,657,504 | ---- | M] () -- C:\ProgramData\visafone surf\OnlineUpdate\ouc.exe
PRC - [2012/10/12 21:31:18 | 001,826,816 | ---- | M] () -- C:\Program Files\Visafone Internet\Visafone Internet\Visafone Internet.exe
PRC - [2012/09/24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2012/09/22 15:21:00 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/08/29 15:22:38 | 000,174,080 | ---- | M] (Atheros Commnucations) -- C:\Windows\System32\AdminService.exe
PRC - [2012/08/25 09:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\sppsvc.exe
PRC - [2012/07/26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/07/26 04:20:59 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe
PRC - [2012/07/26 04:20:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SrTasks.exe
PRC - [2012/07/26 04:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2012/07/26 04:20:44 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/07/26 04:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe
PRC - [2012/07/26 04:20:43 | 000,936,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
PRC - [2012/06/07 18:22:22 | 000,071,168 | ---- | M] () -- C:\Program Files\Visafone Internet\BGService.exe
PRC - [2012/06/07 18:21:05 | 000,167,936 | ---- | M] () -- C:\Program Files\Visafone Internet\DataCardService.exe
PRC - [2012/04/01 07:03:32 | 000,117,024 | ---- | M] (CometNetwork) -- C:\Program Files\CometBird\cometbird.exe
PRC - [2012/03/10 04:24:50 | 000,040,048 | ---- | M] (SparkLabs) -- C:\Program Files\WiTopia\WiTopiaService.exe
PRC - [2011/04/12 21:40:58 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/17 23:25:52 | 000,011,264 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\nsi1C41.tmp\System.dll
MOD - [2013/12/17 13:47:44 | 000,584,704 | ---- | M] () -- C:\Program Files\Appandora\sqlite3.dll
MOD - [2013/12/17 01:14:31 | 000,076,288 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
MOD - [2013/12/11 13:03:05 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/12/04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/12 23:16:54 | 000,130,923 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\~nsu.tmp\Au_.exe
MOD - [2013/11/05 11:33:23 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/30 10:35:34 | 000,719,872 | ---- | M] () -- C:\Program Files\Appandora\AppandoraDeviceService.exe
MOD - [2013/10/30 10:35:30 | 000,376,832 | ---- | M] () -- C:\Program Files\Appandora\DuiLib.dll
MOD - [2013/10/08 23:51:12 | 000,232,016 | ---- | M] () -- C:\Program Files\Desk 365\edeskcmn.dll
MOD - [2013/10/08 23:51:12 | 000,146,512 | ---- | M] () -- C:\Program Files\Desk 365\enotify.dll
MOD - [2013/10/08 23:51:12 | 000,099,408 | ---- | M] () -- C:\Program Files\Desk 365\mbdet.dll
MOD - [2013/10/08 23:51:12 | 000,073,296 | ---- | M] () -- C:\Program Files\Desk 365\libpopdlg.dll
MOD - [2013/09/22 12:03:24 | 000,059,904 | ---- | M] () -- C:\Program Files\Appandora\zlib.dll
MOD - [2013/08/29 01:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/29 01:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/07/19 22:29:58 | 000,063,376 | ---- | M] () -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013/06/04 01:28:14 | 000,221,184 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Temp\explorer.exe
MOD - [2013/03/23 03:10:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ed2a69139fec2cbd55d830ceb0db06c6\System.Configuration.ni.dll
MOD - [2013/03/23 03:10:02 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\992ee7239e962ebd76a111a1113f5d7a\Microsoft.VisualBasic.ni.dll
MOD - [2013/03/22 14:02:12 | 005,452,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a801272bc1990741b7b2f5dde3a57420\System.Xml.ni.dll
MOD - [2013/03/22 14:02:03 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5ba5657c270bdd2fde78ecda4c2ad910\System.Windows.Forms.ni.dll
MOD - [2013/03/22 14:01:52 | 001,592,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b8f373895aa19304a2cb6b888e298529\System.Drawing.ni.dll
MOD - [2013/03/22 14:01:50 | 006,656,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\1eb58eaab973ccadc97fb992c6a75181\System.Data.ni.dll
MOD - [2013/03/22 14:01:42 | 001,051,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\ccae9d6b17cd302da80ea7584a4c7326\System.Management.ni.dll
MOD - [2013/03/22 14:00:47 | 007,967,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\6124280f8365d6683e54dd99742100f6\System.ni.dll
MOD - [2013/03/22 14:00:38 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\452f06494f05cb9d89325460550d1d62\mscorlib.ni.dll
MOD - [2013/03/07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013/01/23 15:03:56 | 000,181,840 | ---- | M] () -- C:\Program Files\Desk 365\libpng.dll
MOD - [2012/12/14 02:02:20 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2012/11/29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/10/12 21:31:18 | 001,826,816 | ---- | M] () -- C:\Program Files\Visafone Internet\Visafone Internet\Visafone Internet.exe
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/26 04:19:14 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2012/07/26 00:14:50 | 002,972,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/05 14:56:52 | 000,212,992 | ---- | M] () -- C:\Program Files\Visafone Internet\Visafone Internet\Modem.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/04/01 07:03:32 | 001,949,184 | ---- | M] () -- C:\Program Files\CometBird\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/12/11 13:03:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 23:51:11 | 000,424,016 | ---- | M] (337 Technology Limited.) [Auto | Running] -- C:\Program Files\Desk 365\deskSvc.exe -- (desksvc)
SRV - [2013/09/03 14:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/07/19 22:28:58 | 000,557,968 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013/07/17 17:20:14 | 001,344,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/06/17 10:42:48 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MTN F@stLink\UpdateDog\ouc.exe -- (MTN F@stLink. RunOuc)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2013/01/04 16:38:06 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files\Visafone Internet\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2012/12/14 02:02:14 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/12 06:59:15 | 000,657,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\visafone surf\UpdateDog\ouc.exe -- (visafone surf. RunOuc)
SRV - [2012/08/29 15:22:38 | 000,174,080 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Windows\System32\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/25 09:12:44 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\sppsvc.exe -- (SLSvc)
SRV - [2012/07/26 05:03:42 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:31:20 | 002,151,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)
SRV - [2012/07/26 04:30:33 | 000,013,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2012/07/26 04:20:30 | 001,536,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)
SRV - [2012/07/26 04:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2012/07/26 04:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)
SRV - [2012/07/26 04:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)
SRV - [2012/07/26 04:20:07 | 000,113,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)
SRV - [2012/07/26 04:20:05 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2012/07/26 04:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)
SRV - [2012/07/26 04:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2012/07/26 04:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2012/07/26 04:19:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)
SRV - [2012/07/26 04:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)
SRV - [2012/07/26 04:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2012/07/26 04:18:55 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)
SRV - [2012/07/26 04:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\keyiso.dll -- (KeyIso)
SRV - [2012/07/26 04:18:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)
SRV - [2012/07/26 04:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)
SRV - [2012/07/26 04:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)
SRV - [2012/07/26 04:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)
SRV - [2012/07/26 04:18:01 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)
SRV - [2012/07/26 04:17:58 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV - [2012/07/26 04:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)
SRV - [2012/07/26 01:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)
SRV - [2012/06/07 18:21:05 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Visafone Internet\DataCardService.exe -- (ALCATEL)
SRV - [2012/03/10 04:24:50 | 000,040,048 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)
SRV - [2011/04/12 21:40:58 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/03/14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/12/02 15:59:08 | 000,038,926 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\CT_QUALCOMM_U_drv.sys -- (CT_QUALCOMM_U_drv)
DRV - [2013/07/19 22:12:38 | 000,043,120 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vpnva-6.sys -- (vpnva)
DRV - [2013/07/19 22:10:16 | 000,092,112 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acsock.sys -- (acsock)
DRV - [2013/01/20 07:00:58 | 000,036,040 | ---- | M] (AnchorFree Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012/12/03 12:21:04 | 000,205,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/12/03 11:39:10 | 000,379,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/10/30 05:42:16 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012/10/29 12:42:46 | 000,070,272 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/10/26 11:06:48 | 000,108,544 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\CT_U_USBSER.sys -- (Generalusbserialser20679)
DRV - [2012/08/29 15:22:38 | 000,480,256 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\btfilter.sys -- (BtFilter)
DRV - [2012/08/20 01:54:20 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/08/20 01:54:18 | 000,096,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/08/20 01:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/26 05:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)
DRV - [2012/07/26 04:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)
DRV - [2012/07/26 04:48:33 | 000,121,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)
DRV - [2012/07/26 04:48:29 | 000,049,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)
DRV - [2012/07/26 04:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV - [2012/07/26 04:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV - [2012/07/26 04:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)
DRV - [2012/07/26 04:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)
DRV - [2012/07/26 04:42:19 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV - [2012/07/26 04:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV - [2012/07/26 04:42:19 | 000,267,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV - [2012/07/26 04:42:19 | 000,179,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)
DRV - [2012/07/26 04:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)
DRV - [2012/07/26 04:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)
DRV - [2012/07/26 04:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)
DRV - [2012/07/26 04:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)
DRV - [2012/07/26 04:42:15 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV - [2012/07/26 04:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)
DRV - [2012/07/26 04:42:15 | 000,046,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)
DRV - [2012/07/26 04:42:14 | 000,024,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV - [2012/07/26 04:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV - [2012/07/26 04:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)
DRV - [2012/07/26 04:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)
DRV - [2012/07/26 04:39:55 | 000,023,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/07/26 04:39:35 | 000,057,072 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)
DRV - [2012/07/26 04:39:13 | 000,030,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)
DRV - [2012/07/26 04:34:01 | 000,199,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)
DRV - [2012/07/26 04:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)
DRV - [2012/07/26 04:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)
DRV - [2012/07/26 04:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)
DRV - [2012/07/26 04:30:33 | 000,028,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)
DRV - [2012/07/26 03:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV - [2012/07/26 03:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)
DRV - [2012/07/26 03:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)
DRV - [2012/07/26 03:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)
DRV - [2012/07/26 03:35:48 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV - [2012/07/26 03:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)
DRV - [2012/07/26 03:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)
DRV - [2012/07/26 03:35:23 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)
DRV - [2012/07/26 03:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)
DRV - [2012/07/26 03:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)
DRV - [2012/07/26 03:35:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usb80236.sys -- (usbrndis6)
DRV - [2012/07/26 03:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)
DRV - [2012/07/26 03:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)
DRV - [2012/07/26 03:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV - [2012/07/26 03:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2012/07/26 03:34:16 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)
DRV - [2012/07/26 03:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)
DRV - [2012/07/26 03:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)
DRV - [2012/07/26 03:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)
DRV - [2012/07/26 03:33:50 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\vwifimp.sys -- (vwifimp)
DRV - [2012/07/26 03:33:37 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\winusb.sys -- (WinUsb)
DRV - [2012/07/26 03:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/07/26 03:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV - [2012/07/26 03:33:00 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)
DRV - [2012/07/26 03:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/26 03:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)
DRV - [2012/07/26 03:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)
DRV - [2012/07/26 03:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV - [2012/07/26 03:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)
DRV - [2012/07/26 03:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)
DRV - [2012/07/25 23:49:40 | 000,495,104 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\Rt630x86.sys -- (RTL8168)
DRV - [2012/06/02 15:31:30 | 002,273,280 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\athr.sys -- (athr)
DRV - [2012/03/29 08:26:12 | 000,256,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2011/12/31 02:20:24 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/05/13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ssadadb.sys -- (androidusb)
DRV - [2011/04/12 21:10:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbvoc.sys -- (evusbvoc)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbmdm.sys -- (evusbmdm)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbdiag.sys -- (evusbdiag)
DRV - [2010/12/25 03:22:50 | 000,206,976 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\evusbat.sys -- (evusbat)
DRV - [2010/11/10 10:02:38 | 000,064,512 | ---- | M] (HUAWEI Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HuaweiWiMAXUSB.sys -- (HuaweiWiMAXUSB)
DRV - [2010/10/19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\HECI.sys -- (MEI)
DRV - [2010/07/27 02:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.dosearches.com/web/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=ds&from=smt&uid=ST9320310AS_5WV101BAXXXX5WV101BA&ts=1382184582&type=default&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://african.howzit.msn.com/?rd=1&ucc=NG&dcc=NG&opt=0&ocid=iehp
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 3D 69 9C 95 10 CE 01  [binary data]
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={F4B3C059-FF5D-11E2-AFC0-CCAF78C1D24A}&crg=3.1010000.10039&st=23&ptr=100
IE - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.backup.ftp: "46.14.211.177"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "46.14.211.177"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "46.14.211.177"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "82.220.3.15"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "82.220.3.15"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "82.220.3.15"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "82.220.3.15"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ZION-KIDD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ZION-KIDD\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ZION-KIDD\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2013/11/01 14:06:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/11/06 10:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 13:02:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 13:02:57 | 000,000,000 | ---D | M]
 
[2012/09/22 13:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Extensions
[2012/09/22 13:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/11/05 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Firefox\Profiles\y11vp9wg.default\extensions
[2012/09/22 13:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5huareha.default\extensions
[2013/10/19 15:57:47 | 000,006,227 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Firefox\Profiles\y11vp9wg.default\searchplugins\dokotoolbar.xml
[2013/12/16 11:29:37 | 000,004,120 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\Mozilla\Firefox\Profiles\y11vp9wg.default\searchplugins\SweetIM Search.xml
[2013/12/11 13:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/11 13:02:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 13:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/11 13:02:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 13:03:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Google Wallet = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\ZION-KIDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/26 05:17:20 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Appandora device service] C:\Program Files\Appandora\AppandoraDeviceService.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ZION-KIDD-PC] C:\Program Files\Java\jusched.exe File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [08f4dc96bbb7af09d1a37fe35c75a42f] C:\Users\ZION-KIDD\AppData\Local\Temp\explorer.exe ()
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [238e7f7108493dec7955402a2dd0d825] "C:\ProgramData\server.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [301b5fcf8ce2fab8868e80b6c1f912fe] "C:\Users\ZION-KIDD\AppData\Local\Temp\System.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [abdd6bfc0e8fddea8251d6f207eba15e] "C:\Users\ZION-KIDD\explorer.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [AdobeART] C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe ()
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Users\ZION-KIDD\AppData\Local\Temp\svchost.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [c1d0b9d0c2bd42e23f8e442128550693] "C:\Users\ZION-KIDD\AppData\Roaming\sys.exe" .. File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [Desk 365] C:\Program Files\Desk 365\desk365.exe (337 Technology Limited.)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [Facebook Update] C:\Users\ZION-KIDD\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [File] C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [ghizqwkyae] wscript.exe //B "C:\Users\ZION-K~1\AppData\Local\Temp\ghizqwkyae..vbs" File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [MicroUpdate] C:\WINDOWS\system32\MSDCSC\msdcsc.exe File not found
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-1133408093-2153907846-2811385714-1000..\Run: [ZION-KIDD-PC] C:\Program Files\Java\jusched.exe File not found
O4 - Startup: C:\Users\ZION-KIDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\08f4dc96bbb7af09d1a37fe35c75a42f.exe ()
O4 - Startup: C:\Users\ZION-KIDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\ZION-KIDD\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\ZION-KIDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ghizqwkyae..vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BD9814F-8D72-433C-90A9-44E98EF1952B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32C8F054-4EA9-4FE6-B390-7CA389D1D3F1}: NameServer = 41.138.161.110 41.138.162.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F6F4FD0-41E9-48BE-BE14-92E206DB85EC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ABAA516-7DF0-4A79-AB0D-B36F065C33BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCDBC7A-3DD0-4220-8E84-DB0510A84DD8}: NameServer = 41.138.161.110 41.138.162.110
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8D9E3A0-BD5A-474E-846D-A79E54D2BD17}: NameServer = 41.138.161.110 41.138.162.110
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/10/20 22:39:09 | 000,000,031 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08187f93-c9eb-11e2-afaf-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{08187f93-c9eb-11e2-afaf-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{0dcfbbec-2a2d-11e3-afdb-9d83ea875333}\Shell - "" = AutoRun
O33 - MountPoints2\{0dcfbbec-2a2d-11e3-afdb-9d83ea875333}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{0fcb74b4-02ee-11e2-a814-e66fc97bf6c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcb74b4-02ee-11e2-a814-e66fc97bf6c6}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{0fcb74bc-02ee-11e2-a814-e66fc97bf6c6}\Shell - "" = AutoRun
O33 - MountPoints2\{0fcb74bc-02ee-11e2-a814-e66fc97bf6c6}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{12cb08e6-4d3a-11e3-aff5-94ef83774df8}\Shell - "" = AutoRun
O33 - MountPoints2\{12cb08e6-4d3a-11e3-aff5-94ef83774df8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{1318e2a4-c9de-11e2-afae-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{1318e2a4-c9de-11e2-afae-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{1318e2c8-c9de-11e2-afae-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{1318e2c8-c9de-11e2-afae-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{14e82264-d970-11e2-afb6-001e101f9f74}\Shell - "" = AutoRun
O33 - MountPoints2\{14e82264-d970-11e2-afb6-001e101f9f74}\Shell\AutoRun\command - "" = "H:\AutoRun.exe"
O33 - MountPoints2\{14e8228e-d970-11e2-afb6-001e101f0838}\Shell - "" = AutoRun
O33 - MountPoints2\{14e8228e-d970-11e2-afb6-001e101f0838}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{14e82316-d970-11e2-afb6-001e101f0838}\Shell - "" = AutoRun
O33 - MountPoints2\{14e82316-d970-11e2-afb6-001e101f0838}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{274c1f8c-d647-11e2-afb4-001e101f10b3}\Shell - "" = AutoRun
O33 - MountPoints2\{274c1f8c-d647-11e2-afb4-001e101f10b3}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{274c2169-d647-11e2-afb4-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{274c2169-d647-11e2-afb4-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{278ded0e-96e4-11e2-af9f-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{278ded0e-96e4-11e2-af9f-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Setup.exe"
O33 - MountPoints2\{29173eb6-da78-11e2-afb7-001e101f870a}\Shell - "" = AutoRun
O33 - MountPoints2\{29173eb6-da78-11e2-afb7-001e101f870a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{2917454c-da78-11e2-afb7-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{2917454c-da78-11e2-afb7-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{5524b82f-381f-11e3-afe4-cc136bdc5630}\Shell - "" = AutoRun
O33 - MountPoints2\{5524b82f-381f-11e3-afe4-cc136bdc5630}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{64b639cd-8647-11e2-8db7-e9eaaadab183}\Shell - "" = AutoRun
O33 - MountPoints2\{64b639cd-8647-11e2-8db7-e9eaaadab183}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{64b639e1-8647-11e2-8db7-e9eaaadab183}\Shell - "" = AutoRun
O33 - MountPoints2\{64b639e1-8647-11e2-8db7-e9eaaadab183}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{64b63b39-8647-11e2-8db7-e9eaaadab183}\Shell - "" = AutoRun
O33 - MountPoints2\{64b63b39-8647-11e2-8db7-e9eaaadab183}\Shell\AutoRun\command - "" = "F:\Setup.exe" /Auto
O33 - MountPoints2\{8de641d1-1658-11e3-afd2-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{8de641d1-1658-11e3-afd2-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{91e1cc2d-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1cc2d-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Setup.exe" /Auto
O33 - MountPoints2\{91e1d2c6-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d2c6-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{91e1d305-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d305-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{91e1d5f1-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d5f1-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{91e1d816-ef25-11e2-afba-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{91e1d816-ef25-11e2-afba-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{9c677752-ce7b-11e2-afb1-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{9c677752-ce7b-11e2-afb1-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{9c677787-ce7b-11e2-afb1-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{9c677787-ce7b-11e2-afb1-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{aadc528e-b9bf-11e2-afaa-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{aadc528e-b9bf-11e2-afaa-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\CMADownloader.exe"
O33 - MountPoints2\{cde6ddcd-d5b3-11e2-afb3-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6ddcd-d5b3-11e2-afb3-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{cde6de29-d5b3-11e2-afb3-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6de29-d5b3-11e2-afb3-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{cde6dfed-d5b3-11e2-afb3-001e101f96e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6dfed-d5b3-11e2-afb3-001e101f96e8}\Shell\AutoRun\command - "" = "H:\AutoRun.exe"
O33 - MountPoints2\{cde6e03f-d5b3-11e2-afb3-001e101f96e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6e03f-d5b3-11e2-afb3-001e101f96e8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{cde6e12b-d5b3-11e2-afb3-001e101f96e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cde6e12b-d5b3-11e2-afb3-001e101f96e8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{d152799f-ff31-11e2-afc0-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{d152799f-ff31-11e2-afc0-ccaf78c1d24a}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{d5165486-c50b-11e2-afac-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{d5165486-c50b-11e2-afac-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{dc712142-58bd-11e2-92fd-ad3bac846417}\Shell - "" = AutoRun
O33 - MountPoints2\{dc712142-58bd-11e2-92fd-ad3bac846417}\Shell\AutoRun\command - "" = "F:\Windows\Setup.exe"
O33 - MountPoints2\{eeac1b4d-dea2-11e2-afb9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeac1b4d-dea2-11e2-afb9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{eeac27b0-dea2-11e2-afb9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeac27b0-dea2-11e2-afb9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{eeac27c5-dea2-11e2-afb9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{eeac27c5-dea2-11e2-afb9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{f1805ccd-d72a-11e2-afb5-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{f1805ccd-d72a-11e2-afb5-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{f1805d26-d72a-11e2-afb5-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{f1805d26-d72a-11e2-afb5-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{f1805e2c-d72a-11e2-afb5-001e101f26b9}\Shell - "" = AutoRun
O33 - MountPoints2\{f1805e2c-d72a-11e2-afb5-001e101f26b9}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{fcc11a41-3a28-11e3-afe9-ccaf78c1d24a}\Shell - "" = AutoRun
O33 - MountPoints2\{fcc11a41-3a28-11e3-afe9-ccaf78c1d24a}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/17 13:49:12 | 000,114,176 | ---- | C] (SOFTWIN S.R.L.) -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeARTSrv.exe
[2013/12/17 11:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/12/17 01:14:32 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Microsoft
[2013/12/16 00:33:39 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\AppData\Roaming\Malwarebytes
[2013/12/16 00:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/15 21:46:00 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\Tyga_Medusa
[2013/12/11 13:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/11 08:48:05 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\HOLY GRAIL- HOV
[2013/12/11 08:41:36 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\KSA
[2013/12/02 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\cminstaller
[2013/11/18 12:42:40 | 000,000,000 | ---D | C] -- C:\Users\ZION-KIDD\Desktop\ANZ
[2013/11/06 00:10:18 | 001,775,000 | ---- | C] (Mozilla Foundation) -- C:\Users\ZION-KIDD\AppData\Roaming\nss3.dll
[2013/11/06 00:10:18 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Users\ZION-KIDD\AppData\Roaming\msvcr100.dll
[2013/11/06 00:10:18 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\ZION-KIDD\AppData\Roaming\msvcp100.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\ZION-KIDD\Desktop\*.tmp files -> C:\Users\ZION-KIDD\Desktop\*.tmp -> ]
[1 C:\Users\ZION-KIDD\AppData\Roaming\*.tmp files -> C:\Users\ZION-KIDD\AppData\Roaming\*.tmp -> ]
[1 C:\Users\ZION-KIDD\*.tmp files -> C:\Users\ZION-KIDD\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2018/08/27 07:11:05 | 000,132,165 | ---- | M] () -- C:\WINDOWS\System32\slmgr.vbs
[2013/12/17 23:22:09 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 23:19:59 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/17 14:58:40 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000UA.job
[2013/12/17 14:53:56 | 000,114,176 | ---- | M] (SOFTWIN S.R.L.) -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeARTSrv.exe
[2013/12/17 13:48:44 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/17 13:46:55 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/17 13:46:53 | 294,145,641 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/12/17 13:46:50 | 2376,482,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/17 12:35:25 | 000,398,005 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\KEVIN COLBERT-INSURANCE-DOCUMENT-YET TO PAY.jpg
[2013/12/17 11:10:02 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000UA.job
[2013/12/17 01:25:10 | 000,120,257 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\webmail.htm
[2013/12/17 01:25:08 | 000,114,502 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\IMPORTANT DOCUMENT.HTML
[2013/12/17 01:25:08 | 000,114,227 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\g.html
[2013/12/17 01:25:07 | 000,122,952 | ---- | M] () -- C:\Users\ZION-KIDD\Documents\Barclays Login Form.html
[2013/12/17 01:24:04 | 000,160,873 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\update1.html
[2013/12/17 01:24:04 | 000,159,380 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\update.html
[2013/12/17 01:24:03 | 000,145,573 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\signin.blackboard.edu.htm
[2013/12/17 01:24:03 | 000,126,789 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\servlet.htm
[2013/12/17 01:24:03 | 000,122,216 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\t-onlinemesaage.html
[2013/12/17 01:24:03 | 000,119,499 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\secure.online-login.htm
[2013/12/17 01:24:03 | 000,115,118 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Santander_Messg.html
[2013/12/17 01:24:02 | 000,138,299 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\proofingEvent.html
[2013/12/17 01:24:02 | 000,127,725 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\online.html
[2013/12/17 01:24:02 | 000,123,546 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\outlook.html
[2013/12/17 01:24:02 | 000,118,225 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\pnc.html
[2013/12/17 01:23:51 | 000,114,237 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\NewRDP_Message.html
[2013/12/17 01:23:15 | 000,117,048 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\msg_pnc.html
[2013/12/17 01:23:13 | 000,123,017 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\login.jsp.htm
[2013/12/17 01:23:13 | 000,120,957 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\login.jsp.html
[2013/12/17 01:23:13 | 000,116,239 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\login.html
[2013/12/17 01:23:12 | 000,117,296 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\inde6x.htm
[2013/12/17 01:23:11 | 000,180,600 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\gmail_verification.html
[2013/12/17 01:23:11 | 000,114,493 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Gmail-Messge.htm
[2013/12/17 01:22:39 | 000,120,299 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\BOA_MESAGE.HTM
[2013/12/17 01:22:39 | 000,119,905 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Bank of America.html
[2013/12/17 01:22:39 | 000,114,579 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\AOL_Messg.htm
[2013/12/17 01:22:39 | 000,114,483 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\AOL-Messge.htm
[2013/12/17 01:22:38 | 000,136,334 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\Alibaba-Secure-Data.html
[2013/12/17 01:22:37 | 000,129,744 | ---- | M] () -- C:\Users\ZION-KIDD\application.aspx.htm
[2013/12/17 01:22:37 | 000,129,722 | ---- | M] () -- C:\Users\ZION-KIDD\application.aspx2.htm
[2013/12/17 01:14:31 | 000,076,288 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
[2013/12/16 17:48:37 | 001,084,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/16 17:48:37 | 000,248,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/16 17:10:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000Core.job
[2013/12/13 12:56:53 | 000,006,899 | ---- | M] () -- C:\Users\ZION-KIDD\Desktop\doctor kelly.jpg
[2013/12/12 18:58:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1133408093-2153907846-2811385714-1000Core.job
[2013/12/11 23:21:59 | 000,002,232 | -H-- | M] () -- C:\Users\ZION-KIDD\Documents\Default.rdp
[2013/12/09 22:29:19 | 000,202,269 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\File.jar
[2013/12/09 22:29:14 | 000,209,169 | ---- | M] () -- C:\Users\ZION-KIDD\AppData\Roaming\2043479783.jar
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\ZION-KIDD\Desktop\*.tmp files -> C:\Users\ZION-KIDD\Desktop\*.tmp -> ]
[1 C:\Users\ZION-KIDD\AppData\Roaming\*.tmp files -> C:\Users\ZION-KIDD\AppData\Roaming\*.tmp -> ]
[1 C:\Users\ZION-KIDD\*.tmp files -> C:\Users\ZION-KIDD\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/17 12:12:39 | 000,398,005 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\KEVIN COLBERT-INSURANCE-DOCUMENT-YET TO PAY.jpg
[2013/12/17 01:14:32 | 000,076,288 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Roaming\AdobeART.exe
[2013/12/13 12:56:49 | 000,006,899 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\doctor kelly.jpg
[2013/12/11 22:58:56 | 000,119,499 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\secure.online-login.htm
[2013/12/09 22:29:17 | 000,202,269 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Roaming\File.jar
[2013/12/09 22:29:13 | 000,209,169 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Roaming\2043479783.jar
[2013/12/03 19:38:50 | 000,180,600 | ---- | C] () -- C:\Users\ZION-KIDD\Desktop\gmail_verification.html
[2013/11/12 23:07:31 | 000,053,152 | ---- | C] () -- C:\WINDOWS\System32\USBCoInstaller.dll
[2013/09/16 15:58:08 | 000,012,015 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/08/07 13:36:29 | 001,344,304 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2013/06/11 08:51:21 | 000,005,632 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/15 13:45:31 | 000,025,183 | ---- | C] () -- C:\Users\ZION-KIDD\page.php
[2013/04/29 08:43:48 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/04/29 08:43:48 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/04/29 08:43:48 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/03/22 13:11:24 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/03/03 23:49:17 | 000,003,851 | ---- | C] () -- C:\Users\ZION-KIDD\utulsa.asl
[2013/02/21 15:21:06 | 000,000,600 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Local\PUTTY.RND
[2013/01/10 09:49:01 | 000,005,642 | ---- | C] () -- C:\Users\ZION-KIDD\init.php
[2012/12/14 02:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\System32\igcodeckrng600.bin
[2012/12/14 02:02:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\IccLibDll.dll
[2012/12/14 02:02:20 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\igdde32.dll
[2012/12/14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/12/14 02:02:20 | 000,000,268 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/12/14 02:02:16 | 000,272,928 | ---- | C] () -- C:\WINDOWS\System32\igvpkrng600.bin
[2012/12/14 01:49:51 | 000,121,625 | ---- | C] () -- C:\Users\ZION-KIDD\GIFTCARD.png
[2012/12/09 07:37:16 | 000,236,942 | ---- | C] () -- C:\Users\ZION-KIDD\MikEl.png
[2012/12/05 07:27:24 | 000,767,622 | ---- | C] () -- C:\Users\ZION-KIDD\Verizon_Remote.png
[2012/11/02 19:27:41 | 000,129,722 | ---- | C] () -- C:\Users\ZION-KIDD\application.aspx2.htm
[2012/11/02 19:27:30 | 000,123,769 | ---- | C] () -- C:\Users\ZION-KIDD\IFE_DVLOTTERY.png
[2012/11/02 19:04:56 | 000,129,744 | ---- | C] () -- C:\Users\ZION-KIDD\application.aspx.htm
[2012/11/02 19:03:58 | 000,126,637 | ---- | C] () -- C:\Users\ZION-KIDD\DVLOTTERY.STATE.GOV.png
[2012/11/02 18:20:20 | 000,041,168 | ---- | C] () -- C:\Users\ZION-KIDD\OLUMIDE.png
[2012/11/01 00:28:06 | 000,000,017 | ---- | C] () -- C:\Users\ZION-KIDD\AppData\Local\resmon.resmoncfg
[2012/09/28 22:08:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/09/22 13:22:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/08/29 15:22:38 | 000,246,804 | ---- | C] () -- C:\WINDOWS\System32\drivers\AtherosBT.bin
[2012/07/26 07:55:27 | 001,084,498 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/26 07:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/26 07:55:27 | 000,248,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/26 07:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/26 07:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/26 07:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2012/07/26 07:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 07:00:17 | 000,364,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/26 02:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll
[2012/07/26 01:48:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll
[2012/07/25 21:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 21:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin
[2012/07/14 03:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat
[2012/06/02 21:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat
[2012/06/02 15:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013/12/02 16:50:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/08/27 14:21:15 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/26 04:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/08/14 11:09:52 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\337
[2013/11/14 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Appandora
[2013/12/17 23:23:16 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\BitTorrent
[2012/09/29 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/06/09 07:38:26 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\CometNetwork
[2013/10/20 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\dclogs
[2013/10/09 08:46:41 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Desk 365
[2013/08/28 19:16:39 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\DMCache
[2013/05/31 13:01:33 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\EVDO_General
[2013/10/24 00:38:31 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\FileZilla
[2012/09/22 13:22:08 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Flock
[2013/08/28 19:16:34 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\IDM
[2013/09/16 15:32:28 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Juniper Networks
[2013/11/01 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\LimeWireTurbo
[2012/10/13 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\mjusbsp
[2013/05/01 20:37:18 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\OpenCandy
[2012/09/22 15:21:04 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Opera
[2013/07/18 00:05:15 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Research In Motion
[2013/07/10 09:34:29 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\Syncios
[2013/12/16 14:39:58 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\TCLVDialer
[2013/05/01 20:57:02 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\TuneUp Software
[2013/10/09 19:01:25 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\TurboMailer
[2013/02/06 14:29:15 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\WiTopia
[2013/10/19 15:57:26 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\YourFileDownloader
[2013/08/22 12:12:36 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\ZTEEVDO
[2013/06/15 13:13:46 | 000,000,000 | ---D | M] -- C:\Users\ZION-KIDD\AppData\Roaming\ZTEMTUI
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >
 


Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
