[A] win32/Small.CA virus

kmorford · Jan 18, 2013

OTL logfile created on: 1/18/2013 9:15:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\moradm\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.94 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 68.03% Memory free
15.87 Gb Paging File | 12.67 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.48 Gb Total Space | 479.32 Gb Free Space | 80.36% Space Free | Partition Type: NTFS
Drive E: | 16.87 Gb Total Space | 2.55 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.68% Space Free | Partition Type: FAT32
Drive H: | 80.00 Gb Total Space | 77.82 Gb Free Space | 97.28% Space Free | Partition Type: NTFS

Computer Name: KDOLCNU13000JF | User Name: moradm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 21:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\moradm\Downloads\OTL.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/08 09:40:08 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2012/06/15 08:19:52 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2012/05/04 09:21:18 | 000,210,944 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2012/02/20 03:00:00 | 000,636,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/04/05 12:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/10 18:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/02/07 12:41:42 | 012,274,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2011/02/07 12:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2011/02/01 02:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/01/28 16:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 10:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
PRC - [2011/01/26 11:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 11:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/18 14:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/01/18 14:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/01/17 13:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 13:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 12:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2011/01/10 13:05:38 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/01/06 21:08:38 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/11 01:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2009/02/04 14:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
PRC - [2009/02/04 14:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/26 10:06:41 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/26 10:06:40 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6735246d68993bee06abd24deeb32983\IAStorUtil.ni.dll
MOD - [2012/11/26 10:06:40 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0beca50c12eaf6f0bff6236eb72cc36e\IAStorCommon.ni.dll
MOD - [2012/11/26 09:44:16 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/26 09:44:11 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/26 09:43:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/26 09:43:47 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/26 09:43:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/26 09:43:32 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/26 09:43:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/26 09:43:29 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/26 09:43:22 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/26 09:32:28 | 000,900,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SCNotification\381b6da32026b93dea31b34e05fbf0c7\SCNotification.ni.exe
MOD - [2012/11/26 09:32:26 | 000,479,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\9d9c3a212409e50608eb095ab6eeb324\SCClient.Data.ni.dll
MOD - [2012/11/26 09:32:26 | 000,436,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\182c99d50f13cdef0e2eebb47bd1e708\SCClient.Common.ni.dll
MOD - [2012/11/26 09:32:22 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d0dc33658e23a6f960c46a5beab7ecf\System.Management.ni.dll
MOD - [2012/11/26 09:32:21 | 001,838,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\da70ab23582f4ebf61a2d551a390afcf\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/26 09:31:53 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\fff1287f12f1ab73c271386342224a3a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/26 09:31:43 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll
MOD - [2012/11/26 09:18:16 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll
MOD - [2012/11/26 09:18:05 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll
MOD - [2012/11/26 09:17:56 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll
MOD - [2012/11/26 09:09:24 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll
MOD - [2012/11/26 09:09:21 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/26 09:09:19 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/26 09:09:16 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll
MOD - [2012/11/26 09:09:16 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/26 09:09:14 | 009,093,632 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/26 09:09:08 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2011/05/02 13:08:04 | 000,868,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/12/06 16:22:22 | 000,050,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV:64bit: - [2011/12/06 16:22:22 | 000,050,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV:64bit: - [2011/03/28 00:44:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/11 21:07:16 | 000,481,104 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2011/02/09 12:28:12 | 001,318,912 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/01/28 10:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2011/01/27 03:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/26 19:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/01/26 17:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/21 20:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 04:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/01/09 13:20:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/08 09:40:10 | 002,601,544 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/10/08 09:40:10 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/10/08 09:40:08 | 000,137,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2012/06/15 08:19:52 | 000,070,280 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/04 09:21:18 | 000,210,944 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2012/05/03 16:52:18 | 000,024,712 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2012/03/08 13:04:27 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/08 13:03:24 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/02/20 03:00:00 | 001,684,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/02/20 03:00:00 | 000,605,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/02/20 03:00:00 | 000,374,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2011/04/05 12:13:46 | 001,094,712 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/07 14:48:10 | 000,062,184 | ---- | M] (Xobni Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/02/07 12:41:26 | 000,320,000 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2011/02/03 16:09:18 | 000,464,480 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2011/02/01 02:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/01/28 16:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 11:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 20:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/18 14:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/17 13:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 13:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/12 12:12:06 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Running] -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2011/01/10 13:05:38 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/01/06 21:08:38 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/01/06 21:06:56 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/11 01:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2010/09/30 15:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/04 14:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/08 10:53:05 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/08 10:52:21 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/08 09:40:12 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/10/08 09:40:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/10/08 09:40:11 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/08 09:40:11 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/10/08 09:40:11 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/10/08 09:40:11 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/10/08 09:40:10 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/05/03 16:52:02 | 000,189,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2012/05/03 16:52:00 | 000,048,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2012/05/03 16:51:54 | 000,019,592 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2012/05/03 16:51:52 | 000,058,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 01:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/14 16:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/04/25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/30 01:15:00 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AE1200w764.sys -- (Linksys_adapter_H)
DRV:64bit: - [2011/03/28 01:14:48 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/28 00:09:12 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/24 13:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011/02/09 12:59:52 | 000,168,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2011/02/07 08:50:26 | 000,063,336 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2011/01/31 04:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/27 03:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/26 23:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/26 17:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 17:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/10 12:52:06 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/01/08 09:16:24 | 002,698,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/06 21:07:32 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/01/06 21:07:30 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/01/06 21:07:30 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/01/06 21:07:30 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/01/06 21:07:28 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/01/06 21:07:26 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/01/06 21:07:26 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/12/21 11:21:16 | 001,826,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010/12/02 18:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/30 10:32:38 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 07:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 07:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 05:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/11 01:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 14:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/07 14:44:10 | 000,136,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\archlp.sys -- (archlp)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/15 04:00:00 | 000,030,720 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dwvkbd64.sys -- (dwvkbd)
DRV - [2013/01/16 12:27:28 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130117.025\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 12:27:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130117.025\eng64.sys -- (NAVENG)
DRV - [2012/11/14 12:54:56 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/11/13 13:58:43 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130117.011\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/08 09:40:10 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2012/10/07 22:46:46 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/10/07 22:46:46 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/20 03:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prod.campuscruiser.com/eicc/
IE - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-131294493-1449412943-965413785-16775\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moradm\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moradm\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/05/02 13:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFFPlgn\ [2013/01/18 20:44:11 | 000,000,000 | ---D | M]

[2013/01/18 11:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\moradm\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\moradm\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\moradm\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\moradm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Bitdefender QuickScan = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Users\moradm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

kmorford · Jan 18, 2013

O1 HOSTS File: ([2013/01/18 20:20:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-131294493-1449412943-965413785-16775..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 0
O7 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm ()
O8:64bit: - Extra context menu item: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm ()
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: C&all - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-call.htm ()
O8 - Extra context menu item: Call with &Edit... - C:\Program Files (x86)\Cisco Systems\Unified Personal Communicator\add-ins\internet-explorer\iecontextmenu-edit-and-call.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15:64bit: - ..Trusted Domains: eiccd.net ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd-sccm01 ([]http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.eiccd.net/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eiccd.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57CE51FB-1D82-40CA-96D9-F8F1BE244E45}: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60012E08-59CC-4FB9-94F5-F01FE28B220C}: DhcpNameServer = 192.168.42.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/17 14:23:56 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 20:58:57 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/01/18 20:58:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/18 20:44:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/18 19:12:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/01/18 19:10:52 | 000,000,000 | ---D | C] -- C:\Users\moradm\Documents\mbar-1.01.0.1016
[2013/01/18 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\moradm\Desktop\RK_Quarantine
[2013/01/18 16:32:51 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\moradm\Desktop\dds.com
[2013/01/18 15:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/01/18 13:07:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/01/18 13:07:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/01/18 13:07:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/01/18 13:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/18 13:07:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/01/18 11:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vigator Guardian
[2013/01/18 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DataSorption
[2013/01/18 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Local\Coupon Companion Plugin
[2013/01/18 11:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox
[2013/01/18 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Roaming\Curiolab
[2013/01/17 17:42:57 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/01/17 14:21:42 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/01/17 11:57:01 | 000,000,000 | ---D | C] -- C:\Users\moradm\AppData\Local\Programs
[2013/01/08 13:55:40 | 000,000,000 | ---D | C] -- C:\windows\SysNative\%LOCALAPPDATA%
[2013/01/02 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\moradm\Desktop\Deploy media
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 20:51:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 20:51:58 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 20:48:42 | 000,811,050 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/18 20:48:42 | 000,684,702 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/18 20:48:42 | 000,129,668 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/18 20:46:55 | 000,000,582 | ---- | M] () -- C:\windows\SMSCFG.ini
[2013/01/18 20:44:39 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/01/18 20:43:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/18 20:43:36 | 4226,138,111 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 20:39:07 | 000,574,677 | ---- | M] () -- C:\Users\moradm\Desktop\adwcleaner.exe
[2013/01/18 20:20:22 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/18 20:20:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 19:38:19 | 406,851,901 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/01/18 19:03:17 | 000,764,416 | ---- | M] () -- C:\Users\moradm\Desktop\RogueKiller.exe
[2013/01/18 16:30:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\moradm\Desktop\dds.com
[2013/01/17 21:09:54 | 001,240,260 | ---- | M] () -- C:\Users\moradm\AppData\Local\census.cache
[2013/01/17 21:09:48 | 000,147,790 | ---- | M] () -- C:\Users\moradm\AppData\Local\ars.cache
[2013/01/17 14:59:16 | 000,000,065 | -H-- | M] () -- C:\TrackitAudit.id
[2013/01/17 14:23:56 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/01/17 11:57:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/16 15:17:06 | 000,011,607 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/16 13:52:45 | 000,002,006 | -H-- | M] () -- C:\Users\moradm\Documents\Default.rdp
[2013/01/15 14:05:41 | 000,002,375 | ---- | M] () -- C:\Users\moradm\Desktop\Google Chrome.lnk
[2013/01/09 13:20:21 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 13:20:21 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 10:53:05 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/08 10:53:05 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/08 10:53:05 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/08 10:52:21 | 000,288,176 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\SymVPN.dll
[2013/01/08 10:52:21 | 000,119,816 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SysPlant.sys
[2013/01/08 10:52:21 | 000,081,840 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\FwsVpn.dll
[2013/01/08 10:52:21 | 000,042,632 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\WGX64.SYS
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/18 20:39:06 | 000,574,677 | ---- | C] () -- C:\Users\moradm\Desktop\adwcleaner.exe
[2013/01/18 19:12:29 | 406,851,901 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/01/18 19:03:17 | 000,764,416 | ---- | C] () -- C:\Users\moradm\Desktop\RogueKiller.exe
[2013/01/18 13:07:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/18 13:07:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/18 13:07:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/18 13:07:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/18 13:07:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/01/17 14:23:56 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/14 16:38:47 | 003,774,076 | ---- | C] () -- C:\Users\moradm\Desktop\Trainers Guide Final.pdf
[2012/11/14 13:00:02 | 000,000,111 | ---- | C] () -- C:\windows\ODBC.INI
[2012/10/25 15:21:12 | 000,000,713 | ---- | C] () -- C:\windows\SysWow64\DWRCCMDError.ini
[2012/09/12 08:13:42 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe
[2012/09/11 20:18:06 | 001,240,260 | ---- | C] () -- C:\Users\moradm\AppData\Local\census.cache
[2012/09/11 20:17:29 | 000,147,790 | ---- | C] () -- C:\Users\moradm\AppData\Local\ars.cache
[2012/09/11 20:03:31 | 000,000,036 | ---- | C] () -- C:\Users\moradm\AppData\Local\housecall.guid.cache
[2012/08/21 15:29:45 | 000,000,218 | ---- | C] () -- C:\Users\moradm\.recently-used.xbel
[2012/08/21 15:23:03 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012/08/21 15:23:02 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012/08/21 15:23:02 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012/08/21 15:23:02 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012/08/21 15:23:02 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012/06/14 08:08:08 | 000,094,208 | ---- | C] () -- C:\windows\TIRHService.exe
[2012/03/08 16:08:00 | 000,001,198 | ---- | C] () -- C:\Users\moradm\AppData\Roaming\evmanage.prf
[2012/03/08 13:03:27 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
[2012/02/13 15:56:39 | 000,000,017 | ---- | C] () -- C:\Users\moradm\AppData\Local\resmon.resmoncfg
[2012/01/31 19:12:00 | 000,003,604 | ---- | C] () -- C:\Users\moradm\AppData\Roaming\evpro32.prf
[2012/01/31 19:04:27 | 000,000,074 | ---- | C] () -- C:\Users\moradm\AppData\Roaming\evplay.prf
[2012/01/05 00:17:17 | 000,000,582 | ---- | C] () -- C:\windows\SMSCFG.ini
[2012/01/03 12:07:14 | 000,002,398 | RHS- | C] () -- C:\Users\moradm\ntuser.pol
[2012/01/03 12:05:47 | 000,011,607 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/25 02:51:27 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebged.sys
[2011/07/25 02:40:15 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/07/25 02:37:32 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011/07/25 02:36:28 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/07/25 02:36:28 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/05/02 13:37:42 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebcdf.sys
[2011/05/02 13:21:48 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011/05/02 13:15:57 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebcch.sys
[2011/05/02 12:48:37 | 000,803,188 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/28 13:10:12 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/03/17 11:05:12 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/25 16:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/02/11 21:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/02/11 21:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/02/11 21:07:16 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011/02/11 21:04:36 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011/02/09 22:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
[2011/02/03 16:09:24 | 000,366,176 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/02/02 21:49:02 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011/02/02 21:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/02/02 21:47:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/01/29 17:49:32 | 000,017,232 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011/01/26 23:55:20 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/01/26 23:55:20 | 000,213,332 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/01/26 23:55:20 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/01/22 13:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

Broni · Jan 18, 2013

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O15:64bit: - ..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15:64bit: - ..Trusted Domains: eiccd.net ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15:64bit: - ..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eicc.edu ([myeiccd] https in Trusted sites)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([eiccd-otis] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd.net ([www] http in Local intranet)
O15 - HKU\S-1-5-21-131294493-1449412943-965413785-16775\..Trusted Domains: eiccd-sccm01 ([]http in Trusted sites)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

============================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

kmorford · Jan 18, 2013

Ok so bit of a problem with the OTL fix file. My notepad is not working...ie it has a icon on the taskbar and it seems the file is open, but I can not open it. I have been just closing the files and using notepad++ to open and paste to you. But with this one I cannot find it anywhere. should I re-run? or move on with scans?

Broni · Jan 18, 2013

Restart computer and see if Notepad will work.

kmorford · Jan 18, 2013

Nope same...and I cannot find the file on the PC anywhere

Broni · Jan 18, 2013

You can't find Notepad or...?

kmorford · Jan 18, 2013

No ...notepad will not open on the PC.
I have been using notepad++ to copy and paste to you.
I can find notepad it will just not work.
I cannot find the last log file for OTL when you had me run the fix.
It restarted the PC and when it came up the notepad icon was on the taskbar but would not maximize or let me peek at it.
I cannot find the log file to open it with notepad++.

Broni · Jan 18, 2013

We have to get Notepad to work.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
Double-click SystemLook.exe to run it.

Vista users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
notepad.exe
Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

kmorford · Jan 18, 2013

SystemLook 30.07.11 by jpshortstuff
Log created at 22:19 on 18/01/2013 by moradm
Administrator - Elevation successful

========== filefind ==========

Searching for "notepad.exe"
C:\Windows\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\System32\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\SysWOW64\notepad.exe--a---- 179712 bytes[23:41 13/07/2009][01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C
C:\Windows\winsxs\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_6.1.7600.16385_none_9ebebe8614be1470\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\amd64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_cb0f7f2289b0c21a\notepad.exe--a---- 193536 bytes[23:56 13/07/2009][01:39 14/07/2009] F2C7BB8ACC97F92E987A2D4087D021B1
C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe--a---- 179712 bytes[23:41 13/07/2009][01:14 14/07/2009] D378BFFB70923139D6A4F546864AA61C

-= EOF =-

Broni · Jan 18, 2013

See if you can open Notepad by double clicking on this file:
C:\Windows\System32\notepad.exe

kmorford · Jan 18, 2013

Nope same thing icon shows up on the task bar as if it is open and minimized. I can not get it to maximize. running notepad.exe from cmd does he same thing.

Broni · Jan 18, 2013

What about 32-bit from here:
C:\Windows\SysWOW64\notepad.exe

kmorford · Jan 18, 2013

Nope samething

Broni · Jan 19, 2013

Go ahead with other steps.

kmorford · Jan 21, 2013

Farbar Service Scanner Version: 16-01-2013
Ran by moradm (administrator) on 21-01-2013 at 21:33:08
Running from "C:\Users\moradm\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Jan 26, 2013

I still need Security Check and Eset logs...

Broni · Jan 31, 2013

Still with me?

Broni · Feb 5, 2013

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.

TechSpot

Welcome to TechSpot

[A] win32/Small.CA virus

kmorford TechSpot Member Posts: 49

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

kmorford TechSpot Member Posts: 49

Broni Malware Annihilator Posts: 40,051 +187

Broni Malware Annihilator Posts: 40,051 +187

Broni Malware Annihilator Posts: 40,051 +187

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.