TechSpot

Malware removal help needed

By coflyfisher
May 17, 2012
  1. Hi All,

    I went through the 5-step process; here are the logs. Any help would be appreciated. Thanks.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.05.17.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Chris :: CHRIS-PC [administrator]
    Protection: Enabled
    5/17/2012 3:05:14 PM
    mbam-log-2012-05-17 (15-05-14).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218861
    Time elapsed: 7 minute(s), 1 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DAT1C8D.tmp.exe (Trojan.FakeAlert) -> Data: C:\Users\Chris\AppData\Local\Temp\DAT1C8D.tmp.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Chris\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    (end)

    GMER was blank.

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Chris at 15:31:41 on 2012-05-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.1922 [GMT -6:00]
    .
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\WRSA.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Jump Desktop\JumpService.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
    C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files (x86)\Nuance\PDF Create! 6\pdfcreate6hook.exe
    C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe autorun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [DAT1C8D.tmp.exe] C:\Users\Chris\AppData\Local\Temp\DAT1C8D.tmp.exe
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    mRun: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
    mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
    uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
    uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
    uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
    uPolicies-explorer: NoFile = 0 (0x0)
    uPolicies-explorer: HideClock = 0 (0x0)
    uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    uPolicies-explorer: NoDFSTab = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
    uPolicies-explorer: NoResolveTrack = 0 (0x0)
    uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
    mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
    mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
    mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
    mPolicies-explorer: NoFile = 0 (0x0)
    mPolicies-explorer: HideClock = 0 (0x0)
    mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    mPolicies-explorer: NoDFSTab = 0 (0x0)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
    mPolicies-explorer: NoResolveTrack = 0 (0x0)
    mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    mPolicies-system: NoDispAppearancePage = 0 (0x0)
    mPolicies-system: NoDispSettingsPage = 0 (0x0)
    dPolicies-explorer: NoViewOnDrive = 0 (0x0)
    dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
    dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
    dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
    dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
    dPolicies-explorer: NoFile = 0 (0x0)
    dPolicies-explorer: HideClock = 0 (0x0)
    dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
    dPolicies-explorer: NoDFSTab = 0 (0x0)
    dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 0 (0x0)
    dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
    dPolicies-system: NoDispAppearancePage = 0 (0x0)
    dPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75} : DhcpNameServer = 192.168.0.1 205.171.2.25
    TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\157756374775966696 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\45154565E4 : DhcpNameServer = 192.168.0.1 8.8.8.8
    TCP: Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F} : DhcpNameServer = 192.168.0.1 205.171.2.25
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    mRun-x64: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
    mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
    mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe
    Hosts: 69.10.57.36 www.google-analytics.com.
    Hosts: 69.10.57.36 ad-emea.doubleclick.net.
    Hosts: 69.10.57.36 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7r01hjhb.default\
    FF - prefs.js: browser.search.selectedEngine - search
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
    R0 WRkrn;WRkrn;C:\windows\system32\drivers\WRkrn.sys --> C:\windows\system32\drivers\WRkrn.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-7-15 146592]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-7-15 91296]
    R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2011-12-21 7680]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-17 654408]
    R2 MSSQL$IAC;SQL Server (IAC);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-15 1153368]
    R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
    R2 SSPORT;SSPORT;\??\C:\windows\system32\Drivers\SSPORT.sys --> C:\windows\system32\Drivers\SSPORT.sys [?]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
    R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-15 679608]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\system32\drivers\btath_avdt.sys --> C:\windows\system32\drivers\btath_avdt.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 129976]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-05-17 21:02:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
    2012-05-17 21:02:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-17 21:02:24 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-05-17 21:02:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-17 12:26:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16BC3F29-267E-4633-9C38-CA5263D58620}\offreg.dll
    2012-05-17 03:46:38 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-15 23:13:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-05-15 23:13:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-05-15 22:59:30 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16BC3F29-267E-4633-9C38-CA5263D58620}\mpengine.dll
    2012-05-14 05:38:38 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-14 05:38:35 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-14 05:38:34 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-12 15:33:28 1544704 ----a-w- C:\windows\System32\DWrite.dll
    2012-05-12 15:33:28 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
    2012-05-12 15:33:27 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-12 15:33:27 3146240 ----a-w- C:\windows\System32\win32k.sys
    2012-05-12 15:33:26 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-12 15:33:26 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-05-12 15:32:05 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
    2012-05-12 15:31:29 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2012-05-12 15:31:27 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 15:31:27 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-12 15:31:27 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 15:31:26 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-12 15:31:26 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-10 17:01:06 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2012-05-10 17:00:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2012-05-10 17:00:14 -------- d-----w- C:\IAC Files
    2012-05-02 16:11:20 -------- d-----w- C:\Users\Chris\AppData\Local\{9E30258F-EB01-4747-8C8E-45413E3BD73E}
    2012-05-02 16:10:57 -------- d-----w- C:\Users\Chris\AppData\Local\{6C04213D-E7DF-48A1-AADB-ECB12E31BF15}
    2012-05-02 16:10:15 -------- d-----w- C:\Users\Chris\AppData\Local\{1B624856-CFB4-46FE-91DB-646E2BE32CA0}
    2012-05-02 16:10:05 -------- d-----w- C:\Users\Chris\AppData\Local\{5760D95B-77B2-474B-A6B8-CF73F5C2A936}
    2012-05-02 15:53:27 -------- d-----w- C:\Users\Chris\AppData\Local\{0F9BF396-87E3-4343-BB18-C45C8CAA2C07}
    2012-05-02 15:53:03 -------- d-----w- C:\Users\Chris\AppData\Local\{F4208B22-5A87-41FF-9081-62F462A3C1EF}
    2012-04-23 19:44:01 -------- d-----w- C:\Users\Chris\AppData\Local\NPE
    2012-04-19 20:27:05 -------- d-----w- C:\Users\Chris\AppData\Local\{C285000B-A3C0-4D5A-BBAF-743CCB9B15EB}
    2012-04-19 20:26:50 -------- d-----w- C:\Users\Chris\AppData\Local\{0CC155D2-1FF6-442F-8882-0F5B12D8F232}
    2012-04-19 20:25:18 -------- d-----w- C:\Users\Chris\AppData\Local\{186CEFB9-B9FA-4F92-98FA-2A811645C989}
    .
    ==================== Find3M ====================
    .
    2012-05-17 03:46:46 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-17 03:46:46 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-16 19:51:35 148152 ----a-w- C:\windows\SysWow64\WRusr.dll
    2012-05-16 19:51:35 112656 ----a-w- C:\windows\System32\drivers\WRkrn.sys
    2012-05-16 19:51:35 100760 ----a-w- C:\windows\System32\WRusr.dll
    2012-04-12 00:25:04 60304 ----a-w- C:\Users\Chris\g2mdlhlpx.exe
    2012-03-01 06:46:16 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\windows\SysWow64\wmi.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-02-23 16:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
    2010-01-26 17:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
    .
    ============= FINISH: 15:33:03.00 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    I still need Attach.txt part of DDS.

    You're not saying what your computer issues are.

    Then....

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. coflyfisher

    coflyfisher TS Rookie Topic Starter

    Broni,
    I'm getting pop-ups in the lower right corner of my screen, mostly a message that says I need to download a player for flash video, sometimes other ads. I think it is also disabling my Adobe Flash Player. I've also had a web page I was on be redirected to other sites. Here are the logs from the scans. Thanks

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-18 22:47:48
    -----------------------------
    22:47:48.106 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:47:48.106 Number of processors: 4 586 0x100
    22:47:48.106 ComputerName: CHRIS-PC UserName: Chris
    22:47:49.056 Initialize success
    22:54:03.755 AVAST engine defs: 12051801
    22:55:23.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
    22:55:23.112 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 476940MB BusType: 11
    22:55:23.128 Disk 0 MBR read successfully
    22:55:23.128 Disk 0 MBR scan
    22:55:23.159 Disk 0 unknown MBR code
    22:55:23.174 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:55:23.190 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 183296 MB offset 206848
    22:55:23.206 Disk 0 Partition - 00 0F Extended LBA 273511 MB offset 375597056
    22:55:23.252 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 20032 MB offset 935747584
    22:55:23.315 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273510 MB offset 375599104
    22:55:23.362 Disk 0 scanning C:\windows\system32\drivers
    22:55:37.963 Service scanning
    22:56:14.389 Modules scanning
    22:56:14.405 Disk 0 trace - called modules:
    22:56:14.452 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    22:56:14.467 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1f060]
    22:56:14.483 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> [0xfffffa80049adac0]
    22:56:14.499 5 amd_xata.sys[fffff8800114cb3f] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa80049a9060]
    22:56:15.341 AVAST engine scan C:\windows
    22:56:19.023 AVAST engine scan C:\windows\system32
    23:00:49.455 AVAST engine scan C:\windows\system32\drivers
    23:01:04.229 AVAST engine scan C:\Users\Chris
    23:05:14.927 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
    23:05:14.943 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
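    Reading the aswMBR partition lines above (status byte, type byte, size, sector offset) is easier with the raw table in hand. The Python below is an added example, not code from aswMBR, TDSSKiller or anyone in this thread: it builds a 512-byte MBR whose four entries are constructed to match the layout in the log, parses it back the way those tools print it, and runs the sanity checks a responder wants before trusting a partition table (0x55AA signature present, a single active partition, no overlapping entries, nothing past the end of the disk, boot code matching a baseline hash). The boot-code bytes, disk signature and the known-good hash set are placeholders; aswMBR's own "unknown MBR code" verdict comes from its signature database, which this example does not have.

```python
"""Parse and sanity-check a classic MBR partition table.

Added example (not code from aswMBR, TDSSKiller or the thread). The sample
layout below is constructed to mirror the four entries in the aswMBR log:
offsets and sizes are in 512-byte sectors. Boot code, disk signature and CHS
fields are filler, so the boot-code hash is only meaningful against a
baseline you record yourself from a known-good machine.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot loader
MBR_SIGNATURE = 0xAA55         # stored little-endian as 0x55 0xAA at offset 510
PARTITION_TYPES = {
    0x07: "HPFS/NTFS",
    0x0F: "Extended LBA",
    0x27: "Hidden NTFS WinRE",
}

# (status, type, start LBA, sector count): constructed to match the aswMBR log
SAMPLE_LAYOUT = [
    (0x80, 0x07, 2048, 204800),          # 100 MB system partition, active
    (0x00, 0x07, 206848, 375390208),     # 183296 MB, drive C:
    (0x00, 0x0F, 375597056, 560150528),  # 273511 MB extended container
    (0x00, 0x27, 935747584, 41025536),   # 20032 MB hidden WinRE
]
SAMPLE_DISK_SECTORS = 976773120          # 476940 MB, as aswMBR reports Disk 0


def build_mbr(layout, boot_code=b"\x00" * BOOT_CODE_LEN):
    """Assemble a 512-byte MBR from (status, type, start, count) tuples."""
    if len(boot_code) != BOOT_CODE_LEN or len(layout) > 4:
        raise ValueError("bad boot code length or too many entries")
    table = b"".join(
        # CHS start/end fields are zeroed; the LBA fields are what matters today
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for status, ptype, start, count in layout
    )
    table += b"\x00" * (16 * (4 - len(layout)))
    # 4-byte disk signature + 2 reserved bytes sit between boot code and table
    return boot_code + b"\x00" * 6 + table + struct.pack("<H", MBR_SIGNATURE)


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts, numbered by table slot."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start,
            "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def boot_code_fingerprint(mbr):
    """SHA-256 of the boot loader bytes, for comparison with a recorded baseline."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def audit_mbr(mbr, disk_sectors, known_boot_hashes):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if struct.unpack("<H", mbr[510:512])[0] != MBR_SIGNATURE:
        findings.append("missing 0x55AA signature")
    if boot_code_fingerprint(mbr) not in known_boot_hashes:
        findings.append("boot code does not match any known-good hash")
    parts = parse_mbr(mbr)
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p["type_name"] == "unknown":
            findings.append(f"partition {p['index']}: unknown type 0x{p['type']:02X}")
        if p["start_lba"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start_lba"] < prev["start_lba"] + prev["sectors"]:
            findings.append(f"partitions {prev['index']} and {cur['index']} overlap")
    return findings


if __name__ == "__main__":
    mbr = build_mbr(SAMPLE_LAYOUT)
    for p in parse_mbr(mbr):
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    print("findings:", audit_mbr(mbr, SAMPLE_DISK_SECTORS, {boot_code_fingerprint(mbr)}))
```

    The parser numbers entries by table slot, so the extended container is slot 3 and the hidden WinRE volume is slot 4; aswMBR instead prints the container as "Partition -" and numbers the logical volume it walked into as Partition 4. The TDSSKiller log later in the thread prints the same values in hex (StartLBA 0x800 is offset 2048, BlocksNum 0x32000 is 204800 sectors, the 100 MB partition), so decimal output from the parser can be checked line by line against both logs.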
     
  4. Broni

    You posted DDS.txt for the second time. I need the other part of DDS scan - Attach.txt

    You didn't post Bootkit Remover log.
     
  5. coflyfisher

    Is this what you need?

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/6/2012 11:32:39 PM
    System Uptime: 5/17/2012 3:15:43 PM (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 305E4A/305E4A
    Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | P0 | 795/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 179 GiB total, 110.968 GiB free.
    D: is FIXED (NTFS) - 267 GiB total, 245.841 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP60: 4/12/2012 5:56:24 PM - Installed HTC Driver Installer.
    RP61: 4/12/2012 5:57:21 PM - Installed HTC Sync.
    RP62: 4/14/2012 5:57:24 PM - Windows Update
    RP63: 4/20/2012 6:44:26 AM - Windows Update
    RP64: 4/24/2012 11:02:00 AM - Windows Update
    RP65: 5/1/2012 5:22:08 AM - Windows Update
    RP66: 5/8/2012 8:44:44 AM - Windows Update
    RP67: 5/10/2012 10:59:26 AM - Installed Quote EZ
    RP68: 5/12/2012 9:27:43 AM - Windows Update
    RP69: 5/13/2012 7:07:35 AM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 69.10.57.36 www.google-analytics.com.
    Hosts: 69.10.57.36 ad-emea.doubleclick.net.
    Hosts: 69.10.57.36 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    µTorrent
    7-Zip 9.20
    Adobe AIR
    Adobe Reader X (10.1.3)
    Agatha Christie - Death on the Nile
    Amazon Kindle
    AMD VISION Engine Control Center
    Atheros Client Installation Program
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    Bejeweled 2 Deluxe
    Bing Bar
    Build-a-lot
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    Compatibility Pack for the 2007 Office system
    CyberLink Media Suite
    CyberLink Media+ Player10
    CyberLink MediaShow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Easy File Share
    Easy Migration
    Easy Settings
    Easy Software Manager
    Easy Support Center 1.0
    Farm Frenzy
    Fotogalerija Windows Live
    FXCM Trading Station
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    HiDownloadPlatinum
    HTC Driver Installer
    HTC Sync
    Insaniquarium Deluxe
    Java Auto Updater
    Java(TM) 6 Update 30
    John Deere Drive Green
    Jump Desktop
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    MetaTrader FOREX Ltd.
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (IAC)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetX360
    OANDA - MetaTrader
    PdaNet for Android 3.25
    Peggle
    Penguins!
    Plants vs. Zombies
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Polar Golfer
    Pošta Windows Live
    Quote EZ
    Raccolta foto di Windows Live
    Readiris Pro 10
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    Samsung CLX-3170 Series
    Samsung Recovery Solution 5
    Scansoft PDF Create
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Skype™ 5.8
    SmarThru 4
    SmarThru PC Fax
    Software Launcher
    Spybot - Search & Destroy
    TightVNC 2.0.2
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    User Guide
    VDownloader 3.8.985
    Webroot SecureAnywhere
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Pošta
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinPcap 4.1.1
    WinRAR 4.10 (32-bit)
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/17/2012 3:17:13 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    5/17/2012 3:16:27 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    5/16/2012 1:51:44 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the WRSVC service, but this action failed with the following error: An instance of the service is already running.
    5/16/2012 1:51:34 PM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/14/2012 8:01:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    5/14/2012 6:49:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Atheros Bt&Wlan Coex Agent service.
    5/14/2012 10:19:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ACER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}. The master browser is stopping or an election is being forced.
    5/13/2012 8:41:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    5/11/2012 9:22:39 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ====================

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!
    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]

    Done;
    Press any key to quit...
     
  6. Broni

    Thank you :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. coflyfisher

    Here are the results.

    22:02:54.0218 8588 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
    22:02:54.0938 8588 ============================================================
    22:02:54.0938 8588 Current date / time: 2012/05/19 22:02:54.0938
    22:02:54.0938 8588 SystemInfo:
    22:02:54.0938 8588
    22:02:54.0938 8588 OS Version: 6.1.7601 ServicePack: 1.0
    22:02:54.0938 8588 Product type: Workstation
    22:02:54.0938 8588 ComputerName: CHRIS-PC
    22:02:54.0938 8588 UserName: Chris
    22:02:54.0938 8588 Windows directory: C:\windows
    22:02:54.0938 8588 System windows directory: C:\windows
    22:02:54.0938 8588 Running under WOW64
    22:02:54.0938 8588 Processor architecture: Intel x64
    22:02:54.0938 8588 Number of processors: 4
    22:02:54.0938 8588 Page size: 0x1000
    22:02:54.0938 8588 Boot type: Normal boot
    22:02:54.0938 8588 ============================================================
    22:02:55.0738 8588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:02:55.0748 8588 ============================================================
    22:02:55.0748 8588 \Device\Harddisk0\DR0:
    22:02:55.0748 8588 MBR partitions:
    22:02:55.0748 8588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:02:55.0748 8588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16600000
    22:02:55.0758 8588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x16633000, BlocksNum 0x21633000
    22:02:55.0758 8588 ============================================================
    22:02:55.0798 8588 C: <-> \Device\Harddisk0\DR0\Partition1
    22:02:55.0878 8588 D: <-> \Device\Harddisk0\DR0\Partition2
    22:02:55.0898 8588 ============================================================
    22:02:55.0898 8588 Initialize success
    22:02:55.0898 8588 ============================================================
    22:03:00.0078 8796 ============================================================
    22:03:00.0078 8796 Scan started
    22:03:00.0088 8796 Mode: Manual;
    22:03:00.0088 8796 ============================================================
    22:03:01.0378 8796 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    22:03:01.0378 8796 1394ohci - ok
    22:03:01.0448 8796 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    22:03:01.0448 8796 ACPI - ok
    22:03:01.0488 8796 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    22:03:01.0488 8796 AcpiPmi - ok
    22:03:01.0588 8796 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:03:01.0588 8796 AdobeARMservice - ok
    22:03:01.0738 8796 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:03:01.0748 8796 AdobeFlashPlayerUpdateSvc - ok
    22:03:01.0798 8796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    22:03:01.0798 8796 adp94xx - ok
    22:03:01.0858 8796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    22:03:01.0858 8796 adpahci - ok
    22:03:01.0958 8796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    22:03:01.0968 8796 adpu320 - ok
    22:03:02.0058 8796 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    22:03:02.0058 8796 AeLookupSvc - ok
    22:03:02.0118 8796 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    22:03:02.0128 8796 AFD - ok
    22:03:02.0158 8796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    22:03:02.0158 8796 agp440 - ok
    22:03:02.0188 8796 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    22:03:02.0188 8796 ALG - ok
    22:03:02.0218 8796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    22:03:02.0218 8796 aliide - ok
    22:03:02.0268 8796 AMD External Events Utility (c08ade825268d291afe06eda71415c7d) C:\windows\system32\atiesrxx.exe
    22:03:02.0278 8796 AMD External Events Utility - ok
    22:03:02.0298 8796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    22:03:02.0298 8796 amdide - ok
    22:03:02.0328 8796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    22:03:02.0328 8796 AmdK8 - ok
    22:03:04.0518 8796 amdkmdag (f59a32a90c4f96189cd74473f7be572b) C:\windows\system32\DRIVERS\atikmdag.sys
    22:03:04.0718 8796 amdkmdag - ok
    22:03:04.0928 8796 amdkmdap (0327723d45a7bb7c1fe4835eb784ac61) C:\windows\system32\DRIVERS\atikmpag.sys
    22:03:04.0928 8796 amdkmdap - ok
    22:03:04.0978 8796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
    22:03:04.0978 8796 AmdPPM - ok
    22:03:05.0028 8796 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    22:03:05.0028 8796 amdsata - ok
    22:03:05.0068 8796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    22:03:05.0078 8796 amdsbs - ok
    22:03:05.0128 8796 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    22:03:05.0128 8796 amdxata - ok
    22:03:05.0268 8796 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\windows\system32\DRIVERS\amd_sata.sys
    22:03:05.0268 8796 amd_sata - ok
    22:03:05.0278 8796 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\windows\system32\DRIVERS\amd_xata.sys
    22:03:05.0278 8796 amd_xata - ok
    22:03:05.0318 8796 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    22:03:05.0318 8796 AppID - ok
    22:03:05.0388 8796 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    22:03:05.0388 8796 AppIDSvc - ok
    22:03:05.0448 8796 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    22:03:05.0458 8796 Appinfo - ok
    22:03:05.0488 8796 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    22:03:05.0498 8796 arc - ok
    22:03:05.0528 8796 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    22:03:05.0528 8796 arcsas - ok
    22:03:05.0578 8796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    22:03:05.0578 8796 AsyncMac - ok
    22:03:05.0598 8796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    22:03:05.0608 8796 atapi - ok
    22:03:05.0638 8796 AthBTPort (ef3b9ad9d03047eba1369732b2f55afe) C:\windows\system32\DRIVERS\btath_flt.sys
    22:03:05.0648 8796 AthBTPort - ok
    22:03:06.0138 8796 Atheros Bt&Wlan Coex Agent (650f111d5cda64c10ae4b9d1ba9d4fff) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    22:03:06.0138 8796 Atheros Bt&Wlan Coex Agent - ok
    22:03:06.0188 8796 AtherosSvc (88d8999350d12127438d57b54a432946) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    22:03:06.0188 8796 AtherosSvc - ok
    22:03:07.0538 8796 athr (16567ab05cd34f46d0dcbb129ca143c2) C:\windows\system32\DRIVERS\athrx.sys
    22:03:07.0608 8796 athr - ok
    22:03:07.0868 8796 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
    22:03:07.0868 8796 AtiHDAudioService - ok
    22:03:07.0908 8796 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    22:03:07.0918 8796 AudioEndpointBuilder - ok
    22:03:07.0928 8796 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    22:03:07.0938 8796 AudioSrv - ok
    22:03:07.0988 8796 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    22:03:07.0988 8796 AxInstSV - ok
    22:03:08.0048 8796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    22:03:08.0048 8796 b06bdrv - ok
    22:03:08.0088 8796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    22:03:08.0088 8796 b57nd60a - ok
    22:03:08.0188 8796 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    22:03:08.0188 8796 BBSvc - ok
    22:03:08.0228 8796 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    22:03:08.0228 8796 BDESVC - ok
    22:03:08.0258 8796 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    22:03:08.0258 8796 Beep - ok
    22:03:08.0318 8796 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
    22:03:08.0328 8796 BFE - ok
    22:03:08.0388 8796 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
    22:03:08.0398 8796 BITS - ok
    22:03:08.0468 8796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    22:03:08.0468 8796 blbdrive - ok
    22:03:08.0498 8796 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    22:03:08.0508 8796 bowser - ok
    22:03:08.0538 8796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    22:03:08.0538 8796 BrFiltLo - ok
    22:03:08.0548 8796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    22:03:08.0548 8796 BrFiltUp - ok
    22:03:08.0578 8796 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    22:03:08.0578 8796 Browser - ok
    22:03:08.0618 8796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    22:03:08.0618 8796 Brserid - ok
    22:03:08.0628 8796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    22:03:08.0628 8796 BrSerWdm - ok
    22:03:08.0638 8796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    22:03:08.0638 8796 BrUsbMdm - ok
    22:03:08.0648 8796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    22:03:08.0648 8796 BrUsbSer - ok
    22:03:08.0708 8796 BTATH_A2DP (72ea2fcd6456bfc6936eda474ea08e48) C:\windows\system32\drivers\btath_a2dp.sys
    22:03:08.0708 8796 BTATH_A2DP - ok
    22:03:08.0728 8796 btath_avdt (ffa0d38141fb7b93aff465b82596d1ec) C:\windows\system32\drivers\btath_avdt.sys
    22:03:08.0728 8796 btath_avdt - ok
    22:03:08.0768 8796 BTATH_BUS (a65a9b2c3a9985d8122b2b6d3d2f4c1b) C:\windows\system32\DRIVERS\btath_bus.sys
    22:03:08.0768 8796 BTATH_BUS - ok
    22:03:08.0798 8796 BTATH_HCRP (e95f7e9f4c8a88610f4142e60cf196be) C:\windows\system32\DRIVERS\btath_hcrp.sys
    22:03:08.0808 8796 BTATH_HCRP - ok
    22:03:08.0848 8796 BTATH_LWFLT (1a5c05524c0c503c87f930f154b7145d) C:\windows\system32\DRIVERS\btath_lwflt.sys
    22:03:08.0848 8796 BTATH_LWFLT - ok
    22:03:08.0888 8796 BTATH_RCP (c2fd5b24f648dac8143c51514307b0ec) C:\windows\system32\DRIVERS\btath_rcp.sys
    22:03:08.0888 8796 BTATH_RCP - ok
    22:03:08.0958 8796 BtFilter (958f4aec324a2bb0dc5b8f9197e779a0) C:\windows\system32\DRIVERS\btfilter.sys
    22:03:08.0958 8796 BtFilter - ok
    22:03:08.0998 8796 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
    22:03:09.0008 8796 BthEnum - ok
    22:03:09.0038 8796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    22:03:09.0038 8796 BTHMODEM - ok
    22:03:09.0068 8796 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
    22:03:09.0068 8796 BthPan - ok
    22:03:09.0118 8796 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
    22:03:09.0118 8796 BTHPORT - ok
    22:03:09.0168 8796 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    22:03:09.0168 8796 bthserv - ok
    22:03:09.0178 8796 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
    22:03:09.0178 8796 BTHUSB - ok
    22:03:09.0218 8796 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    22:03:09.0218 8796 cdfs - ok
    22:03:09.0258 8796 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    22:03:09.0258 8796 cdrom - ok
    22:03:09.0308 8796 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    22:03:09.0308 8796 CertPropSvc - ok
    22:03:09.0348 8796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    22:03:09.0348 8796 circlass - ok
    22:03:09.0388 8796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    22:03:09.0398 8796 CLFS - ok
    22:03:09.0448 8796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:03:09.0458 8796 clr_optimization_v2.0.50727_32 - ok
    22:03:09.0508 8796 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:03:09.0508 8796 clr_optimization_v2.0.50727_64 - ok
    22:03:09.0578 8796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:03:09.0588 8796 clr_optimization_v4.0.30319_32 - ok
    22:03:09.0628 8796 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  8. coflyfisher

    coflyfisher TS Rookie Topic Starter

    22:03:21.0758 8796 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    22:03:21.0768 8796 SstpSvc - ok
    22:03:21.0788 8796 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    22:03:21.0788 8796 stexstor - ok
    22:03:21.0838 8796 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    22:03:21.0848 8796 stisvc - ok
    22:03:21.0878 8796 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    22:03:21.0878 8796 swenum - ok
    22:03:21.0938 8796 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    22:03:21.0948 8796 swprv - ok
    22:03:22.0018 8796 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    22:03:22.0048 8796 SysMain - ok
    22:03:22.0138 8796 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    22:03:22.0138 8796 TabletInputService - ok
    22:03:22.0158 8796 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    22:03:22.0168 8796 TapiSrv - ok
    22:03:22.0178 8796 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    22:03:22.0178 8796 TBS - ok
     
  9. coflyfisher

    coflyfisher TS Rookie Topic Starter

    22:03:27.0208 8796 ============================================================
    22:03:27.0208 8796 Scan finished
    22:03:27.0208 8796 ============================================================
    22:03:27.0228 8728 Detected object count: 0
    22:03:27.0228 8728 Actual detected object count: 0
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
    If you are running Windows XP, re-enable System Restore.
     
  11. coflyfisher

    coflyfisher TS Rookie Topic Starter

    No infections were found running this scan.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. coflyfisher

    coflyfisher TS Rookie Topic Starter

    Here is the log. I went to several different websites and no pop-ups have appeared.

    ComboFix 12-05-20.06 - Chris 05/20/2012 11:42:40.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.2488 [GMT -6:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\livestream
    c:\program files (x86)\livestream\Broadcaster\grabber.xml
    c:\program files (x86)\livestream\Broadcaster\grabber_ui.xml
    c:\program files (x86)\livestream\Broadcaster\grabprofdb.xml
    c:\users\Chris\AppData\Local\Temp\DAT1C8D.tmp.exe
    c:\users\Chris\g2mdlhlpx.exe
    c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-07 39408]
    "Jump Desktop"="c:\program files (x86)\Jump Desktop\JumpDesktop.exe" [2011-12-21 424008]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-10-13 606208]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-05-16 679608]
    "3170 Scan2PC"="c:\windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [2009-06-12 503808]
    "tvncontrol"="c:\program files (x86)\TightVNC\tvnserver.exe" [2010-07-08 815704]
    "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2012-2-26 484976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "DisableLocalMachineRun"= 0 (0x0)
    "DisableLocalMachineRunOnce"= 0 (0x0)
    "DisableCurrentUserRun"= 0 (0x0)
    "DisableCurrentUserRunOnce"= 0 (0x0)
    "NoFile"= 0 (0x0)
    "HideClock"= 0 (0x0)
    "NoDevMgrUpdate"= 0 (0x0)
    "NoDFSTab"= 0 (0x0)
    "NoEncryptOnMove"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 257696]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-14 129976]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-16 146592]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-16 91296]
    S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe [2011-12-21 7680]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 MSSQL$IAC;SQL Server (IAC);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-07-08 815704]
    S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-05-16 679608]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:46]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 15:38]
    .
    2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 15:38]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-16 791200]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-16 657568]
    "combofix"="c:\combofix\CF17908.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append the content of the link to existing PDF file - c:\program files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Append the content of the selected links to existing PDF file - c:\program files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    IE: Append to existing PDF file - c:\program files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    IE: Create PDF file - c:\program files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF file from the content of the link - c:\program files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    IE: Create PDF files from the selected links - c:\program files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll
    TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
    FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7r01hjhb.default\
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "Installed"="1"
    "NoChange"="1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
    c:\program files (x86)\Common Files\Teleca Shared\logger.exe
    c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
    c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-20 12:35:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-20 18:35
    .
    Pre-Run: 122,807,189,504 bytes free
    Post-Run: 122,259,365,888 bytes free
    .
    - - End Of File - - A347D4A091C932CF1F662E6FD94796AC
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. coflyfisher

    coflyfisher TS Rookie Topic Starter

    Here are the scans.

    OTL logfile created on: 5/20/2012 8:18:13 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Chris\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 57.64% Memory free
    6.96 Gb Paging File | 4.70 Gb Available in Paging File | 67.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 179.00 Gb Total Space | 113.88 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
    Drive D: | 267.10 Gb Total Space | 245.84 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/20 20:17:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    PRC - [2012/05/16 13:51:34 | 000,679,608 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
    PRC - [2012/05/15 22:55:05 | 003,472,840 | ---- | M] (MetaQuotes Software Corp.) -- C:\Program Files (x86)\OANDA - MetaTrader\terminal.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/02/29 13:56:45 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2012/02/07 18:53:52 | 002,815,664 | ---- | M] (MetaQuotes Software Corp.) -- C:\Program Files (x86)\MetaTrader FOREX Ltd\terminal.exe
    PRC - [2012/01/26 19:04:18 | 000,484,976 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
    PRC - [2012/01/13 10:11:34 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\FXTSpp.exe
    PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/21 14:50:10 | 000,424,008 | ---- | M] (Phase Five Systems) -- C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
    PRC - [2011/12/21 14:44:46 | 000,007,680 | ---- | M] (Phase Five Systems) -- C:\Program Files (x86)\Jump Desktop\JumpService.exe
    PRC - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    PRC - [2011/02/24 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
    PRC - [2010/03/19 15:05:08 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    PRC - [2010/03/19 15:04:58 | 000,249,856 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Sync Manager\SyncIndicator.exe
    PRC - [2010/03/17 15:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    PRC - [2010/03/17 15:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    PRC - [2010/03/17 15:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
    PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    PRC - [2009/10/13 04:41:27 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/06/12 01:10:18 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
    PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
    PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/13 19:21:11 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
    MOD - [2012/05/13 19:21:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/13 19:20:28 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
    MOD - [2012/05/13 19:20:19 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
    MOD - [2012/05/13 19:20:16 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    MOD - [2012/05/13 19:19:54 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 19:19:48 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 19:19:41 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/01/26 19:04:18 | 000,484,976 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
    MOD - [2012/01/13 10:11:34 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\FXTSpp.exe
    MOD - [2012/01/13 10:10:29 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\FXCMRSSenu.lng
    MOD - [2012/01/13 10:07:27 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\FXCMFXTSenu.lng
    MOD - [2012/01/13 10:06:41 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\OptimizerPluginenu.lng
    MOD - [2012/01/13 10:04:05 | 000,479,232 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\chartenu.lng
    MOD - [2012/01/13 10:03:27 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\RSSenu.lng
    MOD - [2012/01/13 10:01:30 | 001,204,224 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\FXTSenu.lng
    MOD - [2012/01/13 09:59:15 | 000,458,752 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\OptimizerPlugin.dll
    MOD - [2012/01/13 09:58:40 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\RSS.dll
    MOD - [2012/01/13 09:55:48 | 004,386,816 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\ChartPlugin.dll
    MOD - [2012/01/13 09:37:39 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\PCCH.dll
    MOD - [2012/01/13 09:37:22 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\lnkplugin.dll
    MOD - [2012/01/13 09:37:09 | 001,355,776 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\fxts.dll
    MOD - [2012/01/13 09:35:04 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\report.dll
    MOD - [2012/01/13 09:34:57 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\plugincmp.dll
    MOD - [2012/01/13 09:34:16 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\cmncmp.dll
    MOD - [2012/01/13 09:33:27 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\gasctrl.dll
    MOD - [2012/01/13 09:29:12 | 002,486,272 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\fxcommon.dll
    MOD - [2012/01/13 09:25:20 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\trcmp.dll
    MOD - [2012/01/13 09:24:33 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\lucmp.dll
    MOD - [2012/01/13 09:23:38 | 001,507,328 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\fxcore.dll
    MOD - [2012/01/13 09:20:31 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\btoptcmn.dll
    MOD - [2012/01/13 09:19:17 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\cmnifaces.dll
    MOD - [2012/01/13 09:18:45 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\logger.dll
    MOD - [2012/01/13 09:18:13 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\pdas.dll
    MOD - [2012/01/13 09:18:00 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\fxtc.dll
    MOD - [2012/01/13 09:17:20 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\fxmsgenu.lng
    MOD - [2012/01/13 09:17:15 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\fxmsg.dll
    MOD - [2012/01/13 09:16:15 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\mailsender.dll
    MOD - [2012/01/13 09:16:03 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\SMTPMailSender.dll
    MOD - [2012/01/13 09:10:53 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\indicore2.dll
    MOD - [2012/01/13 09:09:55 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\Lua5.1.std.dll
    MOD - [2012/01/13 09:09:45 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\Lua5.1.dll
    MOD - [2012/01/13 09:09:10 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\gsalgo.dll
    MOD - [2012/01/13 09:09:06 | 001,019,904 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\gsframe.dll
    MOD - [2012/01/13 09:08:15 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\gsskin.dll
    MOD - [2012/01/13 09:06:46 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\skinhook.dll
    MOD - [2012/01/13 09:06:41 | 002,220,032 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\XTP9700Lib.dll
    MOD - [2012/01/13 09:05:14 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\gstool2.dll
    MOD - [2012/01/13 09:04:27 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\zlib.dll
    MOD - [2012/01/13 09:04:11 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\expat.dll
    MOD - [2012/01/13 09:04:02 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Candleworks\FXTS2\local2.dll
    MOD - [2010/03/19 15:04:56 | 000,012,800 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Sync Manager\SyncEngineAppps.dll
    MOD - [2010/03/17 15:20:30 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
    MOD - [2010/02/10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
    MOD - [2010/02/10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
    MOD - [2009/10/13 04:41:27 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2009/07/27 02:47:54 | 000,402,432 | ---- | M] () -- C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF6\olres_eng.dll
    MOD - [2009/07/27 02:45:30 | 000,432,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\ScanSoft Shared\PDF6\OutlookAddin.dll
    MOD - [2009/06/12 01:10:18 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
    MOD - [2008/06/26 21:46:08 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll
    MOD - [2008/06/26 21:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
    MOD - [2008/06/26 21:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
    MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/05/16 13:51:34 | 000,679,608 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
    SRV:64bit: - [2011/10/13 14:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/05/16 21:46:47 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/05/13 23:38:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/21 14:44:46 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto | Running] -- C:\Program Files (x86)\Jump Desktop\JumpService.exe -- (JumpDesktop)
    SRV - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
    SRV - [2011/07/15 18:10:34 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011/03/01 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/24 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/16 13:51:35 | 000,112,656 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/10/13 15:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/10/13 13:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/10/12 01:53:50 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV:64bit: - [2011/08/31 12:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/08/17 14:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2011/08/17 01:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2011/08/03 05:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/07/15 18:13:34 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/07/15 18:13:18 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011/07/15 18:13:12 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011/07/15 18:13:08 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011/07/15 18:13:02 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011/07/15 18:12:58 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011/07/15 18:12:52 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011/07/15 18:12:46 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011/06/16 13:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/06/16 13:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/05/17 00:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/04/11 04:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/17 23:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/25 05:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
    DRV:64bit: - [2007/10/22 00:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.msn.com/
    IE - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS473
    IE - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 23:38:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/02/07 09:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
    [2012/05/03 08:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7r01hjhb.default\extensions
    [2012/02/14 14:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/13 23:38:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/29 07:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 07:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2012/05/20 12:06:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create! 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create! 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
    O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
    O4 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000..\Run: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
    O4 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     
  16. coflyfisher


    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O8:64bit: - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll2.htm ()
    O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll1.htm ()
    O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll.htm ()
    O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
    O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Create PDF file - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Create! 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
    O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll2.htm ()
    O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll1.htm ()
    O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WEBCapture.dll.htm ()
    O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll ()
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD5C982A-EEBD-4126-ABEB-37B2AFC58C75}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
    O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (digest.dll) - File not found
    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1833043278-1489670560-2515665415-1000..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/20 20:17:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2012/05/20 12:36:58 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/05/20 12:06:20 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    [2012/05/20 12:06:12 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/05/20 11:40:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/05/20 11:40:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/05/20 11:40:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/05/20 11:37:36 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/05/20 11:34:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/20 11:33:34 | 004,499,706 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
    [2012/05/20 06:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/05/20 06:49:10 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Chris\Desktop\FixTDSS.exe
    [2012/05/20 06:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/05/20 06:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/05/20 06:47:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/05/19 22:02:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\tdsskiller
    [2012/05/19 15:01:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\bootkit_remover
    [2012/05/18 22:47:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
    [2012/05/17 15:31:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
    [2012/05/17 15:02:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
    [2012/05/17 15:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/17 15:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/17 15:02:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/05/17 15:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/05/16 10:15:50 | 000,000,000 | ---D | C] -- C:\windows\Sun
    [2012/05/15 17:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/05/15 17:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/05/15 17:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/05/13 23:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/05/13 23:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/05/10 11:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
    [2012/05/10 11:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2012/05/10 11:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
    [2012/05/10 11:00:14 | 000,000,000 | ---D | C] -- C:\IAC Files
    [2012/05/02 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9E30258F-EB01-4747-8C8E-45413E3BD73E}
    [2012/05/02 10:10:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{6C04213D-E7DF-48A1-AADB-ECB12E31BF15}
    [2012/05/02 10:10:15 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{1B624856-CFB4-46FE-91DB-646E2BE32CA0}
    [2012/05/02 10:10:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{5760D95B-77B2-474B-A6B8-CF73F5C2A936}
    [2012/05/02 09:53:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{0F9BF396-87E3-4343-BB18-C45C8CAA2C07}
    [2012/05/02 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{F4208B22-5A87-41FF-9081-62F462A3C1EF}
    [2012/04/23 13:44:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\NPE

    ========== Files - Modified Within 30 Days ==========

    [2012/05/20 20:17:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2012/05/20 20:16:22 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/20 20:16:19 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/05/20 20:16:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/05/20 12:07:32 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/20 12:07:32 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/20 12:06:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/05/20 12:06:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/20 11:59:55 | 3736,985,600 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/20 11:48:39 | 000,674,006 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/05/20 11:48:39 | 000,124,804 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/05/20 11:48:38 | 000,795,774 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/05/20 11:38:17 | 004,499,706 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
    [2012/05/20 06:49:17 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Chris\Desktop\FixTDSS.exe
    [2012/05/18 23:05:14 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
    [2012/05/18 22:47:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
    [2012/05/18 04:59:28 | 000,747,538 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/05/17 15:31:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
    [2012/05/17 15:29:42 | 000,302,592 | ---- | M] () -- C:\Users\Chris\Desktop\4nvcjztb.exe
    [2012/05/17 15:02:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/16 16:27:44 | 000,592,936 | ---- | M] () -- C:\Users\Chris\Documents\QScan05162012_162701.pdf
    [2012/05/16 13:51:35 | 000,148,152 | ---- | M] (Webroot) -- C:\windows\SysWow64\WRusr.dll
    [2012/05/16 13:51:35 | 000,112,656 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
    [2012/05/16 13:51:35 | 000,100,760 | ---- | M] (Webroot) -- C:\windows\SysNative\WRusr.dll
    [2012/05/15 22:49:38 | 000,000,665 | ---- | M] () -- C:\windows\SysNative\phonebook.pbs
    [2012/05/13 20:25:31 | 000,001,137 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/05/13 19:13:39 | 000,366,088 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/05/10 14:32:08 | 000,004,096 | -H-- | M] () -- C:\Users\Chris\AppData\Local\keyfile3.drm
    [2012/05/10 11:14:45 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\Quote EZ.lnk

    ========== Files Created - No Company Name ==========

    [2012/05/20 11:40:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/05/20 11:40:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/05/20 11:40:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/05/20 11:40:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/05/20 11:40:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/05/18 23:05:14 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
    [2012/05/17 15:29:38 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\4nvcjztb.exe
    [2012/05/17 15:02:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/16 16:27:43 | 000,592,936 | ---- | C] () -- C:\Users\Chris\Documents\QScan05162012_162701.pdf
    [2012/05/15 22:49:38 | 000,000,665 | ---- | C] () -- C:\windows\SysNative\phonebook.pbs
    [2012/05/10 14:32:08 | 000,004,096 | -H-- | C] () -- C:\Users\Chris\AppData\Local\keyfile3.drm
    [2012/05/10 11:04:10 | 000,747,538 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/05/10 11:00:23 | 000,002,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quote EZ.lnk
    [2012/05/10 11:00:23 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\Quote EZ.lnk
    [2012/03/18 16:48:22 | 019,284,644 | ---- | C] () -- C:\ProgramData\SamPCFax00001DC80000
    [2012/02/17 01:48:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2012/02/09 12:00:53 | 000,011,182 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\SmarThruOptions.xml
    [2012/02/09 12:00:41 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\SvcMan.exe
    [2012/02/09 12:00:11 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\SecSNMP.dll
    [2012/02/09 11:59:56 | 000,000,136 | ---- | C] () -- C:\windows\Readiris.ini
    [2012/02/09 11:59:52 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\irisco32.dll
    [2012/02/09 11:51:02 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
    [2012/02/09 11:50:58 | 000,113,768 | ---- | C] () -- C:\windows\Wiainst.exe
    [2012/02/08 21:58:53 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
    [2012/02/07 08:49:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/02/07 00:46:35 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2011/11/16 06:42:36 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2011/11/16 05:58:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2011/11/16 05:42:10 | 000,001,276 | ---- | C] () -- C:\windows\HotFixList.ini
    [2011/11/01 01:00:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
    [2011/11/01 01:00:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
    [2011/11/01 01:00:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2011/10/13 01:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
    [2011/10/13 01:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll

    ========== LOP Check ==========

    [2012/02/07 01:09:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FXTS2
    [2012/02/13 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IsolatedStorage
    [2012/02/08 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nuance
    [2012/02/13 18:17:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Pershing
    [2012/03/12 11:30:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Phase Five Systems
    [2012/02/09 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SmarThru4
    [2012/04/12 17:59:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Teleca
    [2012/03/15 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TightVNC
    [2012/04/11 03:10:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
    [2012/05/13 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\VDownloader
    [2012/03/01 03:29:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\X-Chat 2
    [2012/02/07 09:07:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Zeon
    [2009/07/13 23:08:49 | 000,022,686 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/05/20 12:36:14 | 000,022,078 | ---- | M] () -- C:\ComboFix.txt
    [2012/05/20 11:59:55 | 3736,985,600 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/20 11:59:59 | 3736,985,600 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/16 05:13:44 | 000,002,184 | ---- | M] () -- C:\RHDSetup.log
    [2011/11/16 06:44:41 | 000,000,198 | ---- | M] () -- C:\setup.log
    [2012/05/19 22:07:47 | 000,130,192 | ---- | M] () -- C:\TDSSKiller.2.7.35.0_19.05.2012_22.02.54_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >
    [2010/08/06 01:09:44 | 000,016,018 | ---- | M] () -- C:\windows\Samsung.png

    < %systemroot%\*.scr >
    [2011/08/02 01:57:07 | 026,481,522 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\windows\Perfect Balance.scr
    [2011/05/13 00:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2012/03/18 14:53:57 | 000,001,638 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/02/07 00:48:09 | 000,000,221 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/17 15:29:42 | 000,302,592 | ---- | M] () -- C:\Users\Chris\Desktop\4nvcjztb.exe
    [2012/05/18 22:47:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
    [2012/05/20 11:38:17 | 004,499,706 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe
    [2012/05/20 06:49:17 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Chris\Desktop\FixTDSS.exe
    [2012/05/20 20:17:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
    [2012/02/29 12:59:24 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Chris\Desktop\uTorrent.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2010/01/26 11:11:08 | 000,444,283 | ---- | M] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/20 20:31:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/05/20 12:06:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/20 20:16:22 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/20 12:00:07 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
    [2009/07/13 23:08:49 | 000,022,686 | ---- | M] () -- C:\windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 07:15:17 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/02/07 08:49:43 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/03/18 16:48:29 | 019,284,644 | ---- | M] () -- C:\ProgramData\SamPCFax00001DC80000
    [2011/11/16 06:39:59 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2011/11/16 06:32:44 | 000,000,113 | ---- | M] () -- C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    [2011/11/16 06:37:03 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2011/11/16 06:36:06 | 000,000,106 | ---- | M] () -- C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    [2011/11/16 06:39:19 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:07C8C7C8
    < End of report >
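Reading an OTL file listing by eye is slow, so here is a small parser for the `[date | size | attrs | C/M] (Company) -- path` entry format and the `@Alternate Data Stream` lines, with a few triage rules run over it. This is an added example, not OTL code and not something the poster or the helper supplied. The sample lines are copied from the log above; the rules only raise candidates for a human to look at (OTL's company field comes from the file's version resource, so an empty one is a prompt, not a verdict). Names such as `triage` and `scan` are my own.

```python
"""Parse OTL "Files/Folders" entries and pull out triage candidates.

Added example, not OTL code and not from the thread. SAMPLE_LOG is copied
from the OTL log above; the triage rules are heuristics, not verdicts.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<flag>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")

EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".bat", ".cmd", ".acm"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
# Windows' own paging/hibernation files are hidden+system at the drive root by design.
PAGING_FILES = {"pagefile.sys", "hiberfil.sys"}


@dataclass
class Entry:
    ts: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    flag: str       # C = created, M = modified (OTL's own marker)
    company: str    # "" when OTL printed "()" or nothing at all
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one OTL file/folder line into an Entry, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")                      # e.g. "RHS-" or "---D"
    return Entry(
        ts=m.group("ts"),
        size=int(m.group("size").replace(",", "")),   # "3736,985,600" -> 3736985600
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", is_dir=a[3] == "D",
        flag=m.group("flag"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def triage(e: Entry) -> List[str]:
    """Return the reasons (possibly none) a reviewer should look at this entry."""
    reasons: List[str] = []
    low = e.path.lower()
    if e.is_dir or ntpath.basename(low) in PAGING_FILES:
        return reasons
    ext = ntpath.splitext(low)[1]
    if ext in EXEC_EXT and not e.company:
        reasons.append("executable with no company name in version info")
    if ext in EXEC_EXT and any(k in low for k in USER_WRITABLE):
        reasons.append("executable in a user-writable location")
    if ext in EXEC_EXT and (e.hidden or e.system):
        reasons.append("hidden/system attribute on an executable")
    return reasons


def scan(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over every entry and ADS line; return (path, reasons) pairs."""
    findings: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        ads = ADS_RE.match(line)
        if ads:
            findings.append((ads.group("path"), ["alternate data stream (%s bytes)" % ads.group("size")]))
            continue
        e = parse_entry(line)
        if e is not None and triage(e):
            findings.append((e.path, triage(e)))
    return findings


# Constructed input: lines copied verbatim from the OTL log in this thread.
SAMPLE_LOG = r"""
[2012/05/20 20:17:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2012/05/20 12:36:58 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/17 15:29:38 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\4nvcjztb.exe
[2012/05/17 15:02:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/20 11:59:55 | 3736,985,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 08:49:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/09 12:00:41 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\SvcMan.exe
@Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:07C8C7C8
"""

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample above this lists OTL.exe (an executable on the Desktop), 4nvcjztb.exe (no company name and on the Desktop), SvcMan.exe (no company name) and the ProgramData\Temp stream; the driver with a company name, the directory, the paging file and the hidden .pol file are left alone. Treat each hit as a file to hash and look up, not as a detection.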
     
  17. coflyfisher


    OTL Extras logfile created on: 5/20/2012 8:18:13 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Chris\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 57.64% Memory free
    6.96 Gb Paging File | 4.70 Gb Available in Paging File | 67.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 179.00 Gb Total Space | 113.88 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
    Drive D: | 267.10 Gb Total Space | 245.84 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = internetshortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>]

    [HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 0
    "AntivirusOverride" = 0
    "AntiSpywareDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{10B1A363-81F2-4179-82F6-15A4E3EA6504}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1BC23985-FDB2-446C-A4DE-9664D6E89BDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{21C3E092-A3DD-4FE3-A910-9E5EB9D29493}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{252E28F1-754D-465F-9F29-FCEB95B21761}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{277A649D-4158-4FF3-B852-6912A93324D9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2AD38EFE-EF1A-4E76-A907-2D9BA9FA7172}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4D2C661C-D05C-4D74-B6FC-4707B7531D66}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5505737B-7143-4C7D-B093-A2B297F2E1DE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{56C3992E-5FDC-428F-A8EF-D5B2C446D662}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{60371A13-02F1-4FC5-92D9-6C4C9D22D68B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{68EB3C5F-DC9B-4AE9-9973-3C973977C33E}" = rport=445 | protocol=6 | dir=out | app=system |
    "{76C606B5-67D5-414D-BE26-81CE435EB3E1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{79EDB5CA-2068-4133-A711-1EC62A821C08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A503B4FB-2DF0-479F-BB92-03E99B3E6607}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{AB9D2AA6-2F13-4611-891B-9CD3BAF09E5C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B3094467-753C-43DE-8126-271D08FC29FD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B6C98602-3F35-49A8-803B-CA04D3ECE797}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BDDEFDB4-72D5-40BF-90B1-474AFD32037F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BF62015F-5EC6-47B1-853B-AC3D4690AE64}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C6BCCA8A-83AD-40EA-BC5F-13F78DE109E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{CB2C6DF9-051B-4852-8B34-6F82BCB5F97D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D106E236-B234-4B52-B413-D59530624486}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D1A58D47-A489-469D-B49E-03B87EB24BB4}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E14B7321-A550-41B4-9C62-61F29A061A56}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F69275BE-E572-4358-9D66-AB9FA91624E4}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{023F4625-A0F8-49D5-A9C1-869408114032}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{067B6254-037C-4F75-8481-98D669E81FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{10D24A93-A770-432A-94FC-88E4D4BD78D2}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
    "{17208B75-D5DF-4D75-A418-67E1E2AA4104}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{1D96E464-1667-40CE-A13E-C800ECC8FDDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{26D8A838-868E-4A1D-871E-C4B15A97F4CF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{2E6AF1C0-65A1-44AC-82F9-3155814665B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3A8310B8-308B-48A9-995C-0527978058DC}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
    "{3B0813CC-B02D-4A31-9ED4-FEF12D0F7946}" = protocol=17 | dir=in | app=c:\program files (x86)\jump desktop\jumpdesktop.exe |
    "{413CBF2B-CB1E-4A97-8D99-7A16C3C5674D}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
    "{47F11FB4-4F14-4777-AFF5-ABC47E32DB58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4B160037-15BE-4C8E-AC5D-B81A268864EE}" = protocol=6 | dir=out | app=system |
    "{4B7DF134-B185-4237-9A5D-9F6E157FC050}" = protocol=17 | dir=in | app=c:\program files (x86)\jump desktop\jumpwinclient.exe |
    "{4D068FF9-6A85-4656-80DF-EC2AF6940A0B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
    "{4FDE9E75-719D-463E-AE03-631302C2CC67}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
    "{5DA91ACD-C1F8-4651-B98A-11A48847486E}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
    "{6085C75B-4901-4B57-B858-F07A935196F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6BB5A193-C98B-4661-BC52-24ECAB8BDA27}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7B92912D-8C0A-4E7B-82CA-AC9C1EB8BFE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7F54078A-B2DD-47AA-B926-38719755F704}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8203D927-618A-4834-8959-A4E0D4541656}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{85F42FC4-15A4-4111-9E7D-A64C30152FF1}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe |
    "{99244491-1558-45CD-91F1-3D9DB171C04D}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
    "{ABEC2464-256D-4D21-B2BD-E7DEC783CA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B195C9D0-2D5D-4796-9C23-42464D0C3266}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B929EEB1-5A08-4976-AF1C-88F317720051}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BAF6B243-48EB-4C6F-8E1B-31961EB9D9E9}" = protocol=17 | dir=in | app=c:\program files (x86)\jump desktop\jumpservice.exe |
    "{C6A06422-22F2-4687-B928-34E13060E003}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
    "{C6CC1B38-659E-4A7B-96EA-648BB0EF798B}" = protocol=6 | dir=in | app=c:\program files (x86)\jump desktop\jumpwinclient.exe |
    "{CCAED254-A301-4C3A-B1CD-0F052D5305FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CD4D2E6A-66F1-4132-BF92-87D722A2AF74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CF6E0BDB-ACA0-41F5-9525-7B5AF7CF2BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\jump desktop\jumpservice.exe |
    "{CFE6FEA0-C1CA-471B-8FCC-343CB2650152}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D6BA2D29-411F-4818-BE4B-A5784F6FCAA5}" = protocol=6 | dir=in | app=c:\program files (x86)\jump desktop\jumpdesktop.exe |
    "{D898AA2E-8B4C-484E-8206-48D1FC98B3C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8BE9072-590B-42F0-AA55-A1986EDF8BAB}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
    "{E53E1967-C958-4484-B6E5-D7643205AF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E6A0E893-4C67-4850-A06C-862774B9CE76}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{E86308A1-F8D3-4294-A6C0-B306271C9016}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{EDD8CD7A-BCD0-45E9-9FCF-1BCA0A2CB44F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EDE5A4C5-84FD-4533-A9D8-949785A469A9}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
    "{EFFA825C-8A2E-4262-8C0B-DF574B495B2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{FF005341-AA44-46B4-93C6-8BAB0A99ABC3}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe |
    "TCP Query User{A0DE0524-8EF8-4909-9B29-C5E137FD76DB}C:\program files (x86)\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe |
    "TCP Query User{AB8DEC79-47B1-49BF-BFA6-FD93F2438015}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{BCAE6E07-DD57-4912-B833-4AA84C332BE9}C:\program files (x86)\livestream\broadcaster\livestreambroadcaster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\livestream\broadcaster\livestreambroadcaster.exe |
    "TCP Query User{FAAE0123-034B-48D9-A570-E51BDD492A00}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
    "UDP Query User{08F6ABCC-C473-4E0C-806F-FC6A52F3BEA0}C:\program files (x86)\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe |
    "UDP Query User{62B50472-C04F-4DBE-9A3F-E3E8A4F72730}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{9D4E81D2-8DD3-4120-9028-69919C1B42B3}C:\windows\twain_32\samsung\clx3170\sscan2io.exe" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe |
    "UDP Query User{D52C8AF6-625A-42C1-894E-24EE37C8BA9F}C:\program files (x86)\livestream\broadcaster\livestreambroadcaster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\livestream\broadcaster\livestreambroadcaster.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1B4ED54A-A741-5D36-40C6-0DA839CA033F}" = AMD Catalyst Install Manager
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{804F1A38-3B3F-7C26-4706-43765849773E}" = ccc-utility64
    "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{9035EEAC-E957-467C-89F7-90C48AA26331}" = Nuance PDF Create! 6
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Elantech" = ETDWare PS/2-X64 10.0.7.3_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
     
  18. coflyfisher

    coflyfisher TS Rookie Topic Starter

    "{17A9BA11-389A-C33D-508E-E0D05186FD2A}" = CCC Help Turkish
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (IAC)
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{332C7CD9-34DF-0157-3CBB-B0CA0A3E9F9E}" = CCC Help Spanish
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{343A6D63-E943-FFBE-C750-ED20422EC0EC}" = CCC Help Russian
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3F357AC3-D10E-5F8E-5F0D-21813283A75B}" = CCC Help Greek
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{4215D8AD-4EE5-0BFB-0D8A-A9B8134A2BA5}" = CCC Help English
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{4292173D-CDB8-7562-92FC-6ED59181D210}" = CCC Help German
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
    "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4CBCDE18-2A92-5076-9C63-C3E70AA8D64F}" = CCC Help Italian
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4EA30BB1-DDB2-2B98-891E-CED9A8132A81}" = CCC Help Thai
    "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{50EE4129-2B14-D002-92A8-6A0503493B86}" = CCC Help Portuguese
    "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
    "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
    "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{5E664F04-69B7-242E-E68B-BB1CCAB3836E}" = CCC Help Danish
    "{5E8C456C-2FDD-AE39-B9A3-53149E25449B}" = CCC Help Norwegian
    "{5F702CEA-61F2-103B-68BF-8B7D38BC55F9}" = Catalyst Control Center Localization All
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{641410DD-5F16-4DEA-83C9-36D2D290FC18}" = Jump Desktop
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{66A98CB1-3256-1191-C302-D2F3FA9DD065}" = CCC Help Polish
    "{66B0D063-011A-F89D-5628-F99D71FBD284}" = CCC Help Chinese Traditional
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6B77DDC6-93A8-4730-887E-C8F46728358F}" = Catalyst Control Center - Branding
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{76CD3D3A-3419-B56C-C9ED-49EC12F2520C}" = CCC Help Chinese Standard
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
    "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
    "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{83A9A723-239D-B643-C1E3-6F0D17A8F84C}" = Catalyst Control Center InstallProxy
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{846267F2-A5EF-2CE6-9FC3-3D24FDE64A2E}" = CCC Help Dutch
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.8.985
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
    "{B8BCB744-89CC-BD99-9740-E317835031C3}" = CCC Help Swedish
    "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
    "{C886C799-FBD0-0A18-E992-DE26B964D727}" = CCC Help French
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
    "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
    "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
    "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
    "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D8281314-4EEA-B91B-18C7-8A5C37A3E634}" = CCC Help Czech
    "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0BE1488-4FEA-43AC-EA7E-B22AB7016A7C}" = AMD VISION Engine Control Center
    "{E2DD7CF7-478A-2139-F601-0621DC9F0FD2}" = CCC Help Korean
    "{E43D469E-C3BA-4900-96D4-12A5B29D740A}" = Quote EZ
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA50969B-A027-5CC6-852A-31877EC40D92}" = CCC Help Hungarian
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
    "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
    "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F5FB1356-7F0A-0554-B287-336C3AF604B6}" = CCC Help Finnish
    "{F5FE4120-A51D-997D-D313-D982B5336109}" = CCC Help Japanese
    "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
    "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
    "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCAFEEB3-3520-4539-89AF-4B743D2DFAEC}" = HTC Sync
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FD2731A2-5492-4118-B5D0-AC9EAFBA84FA}" = NetX360
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Amazon Kindle" = Amazon Kindle
    "FXCM Trading Station" = FXCM Trading Station
    "Game Console - WildGames" = WildTangent ORB Game Console
    "HiDownload Platinum_is1" = HiDownloadPlatinum
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MetaTrader FOREX Ltd" = MetaTrader FOREX Ltd.
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OANDA - MetaTrader" = OANDA - MetaTrader
    "PdaNet_is1" = PdaNet for Android 3.25
    "Samsung CLX-3170 Series" = Samsung CLX-3170 Series
    "SmarThru PC Fax" = SmarThru PC Fax
    "TightVNC" = TightVNC 2.0.2
    "uTorrent" = µTorrent
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live 程式集
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR 4.10 (32-bit)
    "WRUNINST" = Webroot SecureAnywhere
    "WT085559" = Diner Dash 2 Restaurant Rescue
    "WT085567" = Chuzzle Deluxe
    "WT085580" = John Deere Drive Green
    "WT085581" = Penguins!
    "WT085583" = Polar Golfer
    "WT085587" = Agatha Christie - Death on the Nile
    "WT085597" = Build-a-lot
    "WT085618" = Farm Frenzy
    "WT085622" = Insaniquarium Deluxe
    "WT085663" = Peggle
    "WT085669" = Plants vs. Zombies
    "WT089285" = Zuma Deluxe
    "WT089286" = Bejeweled 2 Deluxe

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:07C8C7C8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  20. coflyfisher

    coflyfisher TS Rookie Topic Starter

    Here are the first few scans

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    ADS C:\ProgramData\Temp:07C8C7C8 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chris
    ->Temp folder emptied: 91159 bytes
    ->Temporary Internet Files folder emptied: 50983042 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 867 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 844 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Chris
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Chris
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.1 log created on 05202012_212729
    Files\Folders moved on Reboot...
    C:\Users\Chris\AppData\Local\Temp\ExchangePerflog_8484fa3197777ee6cfcccd43.dat moved successfully.
    C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Chris\AppData\Local\Temp\~DF749345F5BAAC53A6.TMP not found!
    File\Folder C:\Users\Chris\AppData\Local\Temp\~DFCC28C50E6F708FDE.TMP not found!
    File\Folder C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0NDY4VL\billboard[1].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZMWGRB3\partner[1].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZMWGRB3\partner[2].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI3Y7P82\bizo_multi[1].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI3Y7P82\dpsync[1].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI3Y7P82\dpsync[2].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI3Y7P82\dpsync[3].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI3Y7P82\PugTracker[1].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FI3Y7P82\up[1].htm moved successfully.
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2CAEXBJ\malware-removal-help-needed[1].htm moved successfully.
    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    JavaFX 2.1.0
    Java(TM) 6 Update 30
    Java(TM) 7 Update 4
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Spybot Teatimer.exe is disabled!
    windows defender MpCmdRun.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 17-05-2012
    Ran by Chris (administrator) on 20-05-2012 at 21:36:45
    Running from "C:\Users\Chris\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe
    [2011-11-16 05:42] - [2011-03-01 02:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
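As an added defender-side check, not part of the thread or of any tool it uses: a PowerShell snippet that re-reads the registry keys behind the "Windows Firewall Disabled!" and "UAC is disabled!" findings above, so the state can be re-verified after the cleanup. It assumes an elevated PowerShell on the same Windows 7 host; the firewall profile paths are the ones Farbar Service Scanner printed, and the UAC key path (EnableLUA) is the standard Windows location, not taken from the logs.

```powershell
# Added example (not from the thread): audit the firewall-per-profile and UAC
# settings that Security Check and Farbar Service Scanner flagged. Run elevated.

# Profile keys as listed in the FSS log (DomainProfile added for completeness)
$fwBase   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$profiles = 'DomainProfile', 'StandardProfile', 'PublicProfile'

$findings = @(foreach ($p in $profiles) {
    $key = Join-Path $fwBase $p
    # EnableFirewall=1 means the profile firewall is on; FSS showed 0 for two profiles
    $val = (Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
    $shown  = if ($null -eq $val) { 'missing' } else { $val }
    $status = if ($val -eq 1) { 'OK' } else { 'DISABLED' }
    [pscustomobject]@{ Check = "Firewall ($p)"; Value = $shown; Status = $status }
})

# UAC: EnableLUA=0 is what produces the "UAC is disabled!" line in Security Check
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua    = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
$shown  = if ($null -eq $lua) { 'missing' } else { $lua }
$status = if ($lua -eq 1) { 'OK' } else { 'DISABLED' }
$findings += [pscustomobject]@{ Check = 'UAC (EnableLUA)'; Value = $shown; Status = $status }

$findings | Format-Table -AutoSize

# Remediation with built-in tooling once a DISABLED row is confirmed:
#   netsh advfirewall set allprofiles state on
#   Set-ItemProperty -Path $uacKey -Name EnableLUA -Value 1   # takes effect after reboot
```

A DISABLED row after the cleanup means the setting was turned off by policy or by the user rather than by the removed malware, and should be re-enabled before the machine is considered done.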
  21. coflyfisher

    coflyfisher TS Rookie Topic Starter

    No threats were found with the ESET scan.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall:
    JavaFX 2.1.0
    Java(TM) 6 Update 30

    ================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    The issue seems to be resolved.
     
