Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan DWHF707.tmp [Closed]

Started by Adam 'Bob' Wright , Jan 21 2012 07:09 PM

  • This topic is locked This topic is locked

#1
Adam 'Bob' Wright
Posted 21 January 2012 - 07:09 PM

Adam 'Bob' Wright

    New Member

  • Member
  • Pip
  • 2 posts
For a while I kept getting messages from Symantec Antivirus that it had detected a Trojan Horse with the file name DWHF707.tmp. However each time it would say "log only" apparently meaning that it had detected a problem, but could do nothing about it (I hear this is because the file often disappears or some such thing). I haven't been getting these messages recently, but my computer has not been behaving as well as I would like. Things seem slower than I remember.

Also, while I am playing a particular game my computer seems to forget that the internet exists. I'll be playing and suddenly my lan line will register as having "no internet access". I will then connect wirelessly, but the same thing will eventually happen to that connection. The router I had been using will simply disappear from the list of available wireless connections. The connections are available again once I reset my system. It could just be that the game (Mabinogi) is a buggy free to play MMO that my system can't handle properly, but I'm hoping it can be fixed. Or at least someone here can tell me why it's happening.



I don't know how I got DWHF707.tmp on my system, or if it is my only problem, but it's the one that kept raising red flags.

I have not yet tried other removal methods besides "Symantec Endpoint Protection" scans.


OTL log follows.





OTL logfile created on: 1/21/2012 5:49:30 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam Wright\Desktop\downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.75% Memory free
7.92 Gb Paging File | 6.00 Gb Available in Paging File | 75.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 124.89 Gb Free Space | 44.07% Space Free | Partition Type: NTFS

Computer Name: IPICAC | User Name: Adam Wright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/29 14:53:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/12 21:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Adam Wright\AppData\Local\Akamai\netsession_win.exe
PRC - [2010/12/14 08:16:30 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/14 08:16:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/14 08:16:28 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/12/14 08:16:26 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 08:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/12/08 13:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 14:53:20 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/14 08:41:30 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/21 08:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/07/21 08:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 08:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 08:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 08:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 08:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 08:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 08:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/02 17:30:20 | 000,515,104 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/01/26 00:29:44 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/16 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/01/06 17:17:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/14 13:42:52 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/03/01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/14 08:16:30 | 000,428,912 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/12/14 08:16:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/14 08:16:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/14 08:16:28 | 003,249,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/12/14 08:16:28 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/07 15:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 06:47:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/12/08 13:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/02 17:15:26 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2011/06/29 16:30:32 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/08 22:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 08:16:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/12/14 08:16:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/12/14 08:16:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/15 17:37:06 | 000,056,320 | ---- | M] (Texas Instruments Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\umpusbvista.sys -- (umpusbvista)
DRV:64bit: - [2010/04/20 22:22:40 | 000,060,728 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hprpusbh.sys -- (hprpusbh) hprpusbh (display)
DRV:64bit: - [2009/11/06 22:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/27 11:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2009/10/27 11:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 18:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/19 16:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/09 03:07:20 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 03:07:20 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 19:25:29 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120120.035\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 19:25:29 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120120.035\ENG64.SYS -- (NAVENG)
DRV - [2011/03/18 09:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/12/14 08:16:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/14 08:16:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/12/14 08:16:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/23 10:26:08 | 000,481,448 | ---- | M] (Blackhawk) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bhpci.sys -- (bhpci)
DRV - [2009/03/23 10:26:08 | 000,318,248 | ---- | M] (Blackhawk) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bh560usb.sys -- (bh560usb)
DRV - [2009/03/23 10:26:06 | 000,310,568 | ---- | M] (Blackhawk) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bh510usb.sys -- (bh510usb)
DRV - [2009/01/15 13:10:36 | 000,097,704 | ---- | M] (Blackhawk) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bh560eth.sys -- (bh560eth)
DRV - [1999/05/24 18:25:18 | 000,004,576 | ---- | M] (Spectrum Digital Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\drivers\sdiont.sys -- (sdiont)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam Wright\AppData\Roaming\Move Networks\plugins\071801000006\npqmp071801000006.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/29 14:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/15 12:40:03 | 000,000,000 | ---D | M]

[2010/03/17 14:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Wright\AppData\Roaming\Mozilla\Extensions
[2011/03/21 19:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Wright\AppData\Roaming\Mozilla\Firefox\Profiles\twhexitb.default\extensions
[2011/12/29 14:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/29 14:53:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 15:08:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/12 11:51:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Adam Wright\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629952E6-2A95-402D-AD42-239A50F148D8}: DhcpNameServer = 69.169.190.211 208.72.160.67
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/26 00:03:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4d302bbf-2d23-11df-b089-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4d302bbf-2d23-11df-b089-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.Now.exe
O33 - MountPoints2\{c3269468-f76d-11e0-ab28-a4badbad18b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c3269468-f76d-11e0-ab28-a4badbad18b3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 17:48:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adam Wright\Desktop\OTL.exe
[2012/01/21 15:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012/01/21 15:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/01/21 15:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/01/21 13:41:59 | 000,000,000 | --SD | C] -- C:\Users\Adam Wright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mabinogi
[2012/01/15 12:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/01/15 12:38:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/14 18:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/01/14 18:21:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/01/12 21:09:33 | 000,000,000 | --SD | C] -- C:\Users\Adam Wright\Documents\Mabinogi
[2012/01/12 17:04:15 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\PMB Files
[2012/01/12 17:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/01/12 17:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/01/08 08:35:34 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{3A855EEE-25F0-4A80-9F78-1F56AF8D0FE7}
[2012/01/07 20:34:59 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{26D83763-F94A-4EF9-A10F-C70C5B2283F3}
[2012/01/07 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{D84E9E2B-449B-4BC4-B2BD-CDBC8802CD5F}
[2012/01/07 09:59:59 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012/01/07 09:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/01/07 09:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/01/07 09:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012/01/07 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/01/07 09:43:01 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Roaming\PerformerSoft
[2012/01/07 09:42:58 | 000,016,752 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/01/07 08:34:16 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{05F92C6B-2621-477F-9588-3C547FC312F8}
[2012/01/06 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{2D99D9F3-17F6-4A90-A67D-164FC27E2A90}
[2012/01/06 17:18:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{ACE21B3E-45FA-4F31-B53C-173CD492CD70}
[2012/01/05 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{4EFBFC9B-C544-4BD9-AD49-AE5CAC445A60}
[2012/01/05 08:32:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{80F9CD12-53BC-4DD7-9CC7-9409F6CE84DB}
[2012/01/04 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{4F07A218-6330-4DB3-8798-DEFDF22946FA}
[2012/01/04 16:35:42 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{F80D1905-798E-4808-8F1C-4B518758D59F}
[2012/01/01 01:00:40 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{68C7A14E-AA9A-49AC-933F-DB4D20340015}
[2011/12/30 20:36:39 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{974365FE-D930-49B2-8928-14D67BFE8770}
[2011/12/30 07:32:30 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{7D98ADF9-A2B9-4232-BA9B-34FA548747ED}
[2011/12/29 10:15:02 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{6FDFE86C-2C7C-4AF8-8320-B2C79D8BBCB8}
[2011/12/28 08:52:34 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{9EFDCFBE-01C3-41F3-837B-D3FAA87B7EAB}
[2011/12/27 20:52:00 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{E26DC646-D9D8-40E6-AA59-3E1E0D5437E3}
[2011/12/27 08:51:26 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{6BB81EEC-ADC1-4C01-B065-1E4909EC5666}
[2011/12/26 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{293EC3AA-7A07-40B5-AFC6-C1481A6F3128}
[2011/12/26 06:38:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{4C7F4931-BB04-438B-8B93-480EB8143981}
[2011/12/25 13:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2011/12/25 13:47:49 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\Desktop\Alpha
[2011/12/25 13:11:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{BF432B6F-3D7C-48EA-A8BE-2C4CB860B231}
[2011/12/24 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{E4BA5245-BE4C-4725-B712-DEC79515ED5B}
[2011/12/24 08:00:59 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{27E13D6B-FD2B-42A8-8521-E998661F4F78}
[2011/12/23 13:50:54 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{DE2767C8-E009-4680-8516-CCA27CC6991A}
[2011/12/22 21:25:49 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{D7E213B0-F604-4F97-8362-59FFA385510E}
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Adam Wright\Desktop\*.tmp files -> C:\Users\Adam Wright\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/21 17:48:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Wright\Desktop\OTL.exe
[2012/01/21 17:42:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 17:42:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/21 17:31:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/21 17:31:06 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/21 17:25:43 | 000,001,182 | ---- | M] () -- C:\Users\Adam Wright\Desktop\ Mabinogi .lnk
[2012/01/21 15:58:22 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012/01/21 15:58:22 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/01/19 01:13:10 | 000,003,382 | ---- | M] () -- C:\Users\Adam Wright\AppData\Local\gcs.pref
[2012/01/15 12:40:03 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/12 21:09:30 | 2477,595,860 | ---- | M] () -- C:\Users\Adam Wright\Desktop\MabinogiSetup.exe
[2012/01/12 03:32:38 | 000,796,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 03:32:38 | 000,673,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 03:32:38 | 000,125,830 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/07 10:03:40 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/07 09:51:56 | 000,001,009 | ---- | M] () -- C:\Users\Adam Wright\Desktop\SpeedFan.lnk
[2012/01/07 09:51:55 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/01/07 09:43:06 | 000,001,016 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/01/04 11:31:48 | 000,186,055 | ---- | M] () -- C:\Users\Adam Wright\Desktop\schedule.png
[2012/01/03 19:11:48 | 000,016,752 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/01/02 17:15:26 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012/01/01 12:15:51 | 000,000,000 | ---- | M] () -- C:\Users\Adam Wright\Desktop\terran.exe
[2012/01/01 01:04:50 | 000,790,878 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/29 14:53:33 | 000,002,054 | ---- | M] () -- C:\Users\Adam Wright\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/25 16:18:06 | 001,967,071 | ---- | M] () -- C:\Users\Adam Wright\Desktop\Alpha_Centauri_-_Manual_-_PC.pdf
[2011/12/25 14:02:12 | 000,000,298 | ---- | M] () -- C:\Windows\EReg072.dat
[2011/12/24 21:19:05 | 000,001,918 | ---- | M] () -- C:\Users\Adam Wright\Desktop\DOSBox.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Adam Wright\Desktop\*.tmp files -> C:\Users\Adam Wright\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 15:58:22 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012/01/21 15:58:22 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/01/21 13:41:59 | 000,001,182 | ---- | C] () -- C:\Users\Adam Wright\Desktop\ Mabinogi .lnk
[2012/01/15 12:40:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/15 12:40:03 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/12 17:04:44 | 2477,595,860 | ---- | C] () -- C:\Users\Adam Wright\Desktop\MabinogiSetup.exe
[2012/01/07 10:03:40 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/07 09:51:56 | 000,001,009 | ---- | C] () -- C:\Users\Adam Wright\Desktop\SpeedFan.lnk
[2012/01/07 09:48:41 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/01/07 09:43:06 | 000,001,016 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/04 11:31:48 | 000,186,055 | ---- | C] () -- C:\Users\Adam Wright\Desktop\schedule.png
[2011/12/25 16:18:01 | 001,967,071 | ---- | C] () -- C:\Users\Adam Wright\Desktop\Alpha_Centauri_-_Manual_-_PC.pdf
[2011/12/25 14:02:12 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/12/25 13:36:27 | 000,000,000 | ---- | C] () -- C:\Users\Adam Wright\Desktop\terran.exe
[2011/12/24 21:19:05 | 000,001,918 | ---- | C] () -- C:\Users\Adam Wright\Desktop\DOSBox.lnk
[2011/07/19 21:07:36 | 000,790,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/15 18:01:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/18 20:06:41 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/02/21 23:14:59 | 000,082,864 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/02/21 23:14:57 | 000,091,644 | ---- | C] () -- C:\Windows\hashicon.dll
[2011/02/14 14:25:53 | 000,003,382 | ---- | C] () -- C:\Users\Adam Wright\AppData\Local\gcs.pref
[2010/10/22 13:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/09/17 21:57:49 | 000,019,529 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/09/05 17:00:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/20 16:32:13 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/03/11 07:07:05 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/01 08:33:48 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/02/01 08:33:47 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/02/01 08:33:47 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/10/07 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\.minecraft
[2010/07/23 21:13:44 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\AdventureTools
[2011/01/26 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Autodesk
[2011/03/04 08:35:30 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Bioshock
[2010/12/18 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\BitZipper
[2010/12/22 21:30:19 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Braid
[2011/07/29 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\CBL-CustomParts
[2011/09/24 17:57:40 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\CBLoader
[2011/02/22 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\gtk-2.0
[2011/02/21 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Hash Inc
[2011/06/08 16:10:32 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\LucasArts
[2010/03/22 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\motorola
[2011/05/24 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\PCDr
[2012/01/07 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\PerformerSoft
[2010/06/27 21:15:03 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Spore
[2011/01/19 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Subversion
[2011/06/30 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\SystemRequirementsLab
[2010/04/07 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\WildTangent
[2011/09/14 13:27:20 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:48081133

< End of report >
  • 0

Advertisements

#2
Gammo
Posted 26 January 2012 - 10:44 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Adam 'Bob' Wright
Posted 30 January 2012 - 09:03 PM

Adam 'Bob' Wright

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I have been able to solve one of the more pressing issues. It turns out that the computer was abruptly shutting down because it was overheating. I opened it up, cleaned out the dust, and have ordered a new fan because the old one had started making funny noises. That doesn't seem to have gotten rid of all of the issues though.


For a while I kept getting messages from Symantec Antivirus that it had detected a Trojan Horse with the file name DWHF707.tmp. However each time it would say "log only" apparently meaning that it had detected a problem, but could do nothing about it (I hear this is because the file often disappears or some such thing). I haven't been getting these messages recently, but my computer has not been behaving as well as I would like. Things seem slower than I remember.


Firefox seems to go through a period of "not responding" the first time I start it up after every computer boot. Also just before I took this most recent OTL scan it had been going in and out of "not responding" and causing a great deal of hang time trying to do anything on the computer.

I also keep getting a message from windows warning me that my antivirus program (Symantc) has been turned off. Sometimes I can just turn it back on, sometimes it will resist turning back on but then comes back on by itself, sometimes it wont come back on at all.

I don't know how I got DWHF707.tmp on my system, or if it is my only problem, but it's the one that kept raising red flags. Maybe a recent Symantec update got rid of it and that's why I haven't been hearing about it recently.

I have not yet tried other removal methods besides "Symantec Endpoint Protection" scans.

Here is my most recent scan.



OTL logfile created on: 1/30/2012 7:53:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam Wright\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.05% Memory free
3.92 Gb Paging File | 2.34 Gb Available in Paging File | 59.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 130.35 Gb Free Space | 45.99% Space Free | Partition Type: NTFS

Computer Name: IPICAC | User Name: Adam Wright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 17:48:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Wright\Desktop\OTL.exe
PRC - [2011/12/29 14:53:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/23 05:57:30 | 003,334,432 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Adam Wright\AppData\Local\Akamai\netsession_win.exe
PRC - [2010/12/14 08:16:30 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/14 08:16:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/14 08:16:28 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/12/14 08:16:26 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 08:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/12/08 13:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 14:53:20 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/14 08:41:30 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/21 08:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/07/21 08:34:20 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/07/21 08:34:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/07/21 08:33:58 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/07/21 08:33:52 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/07/21 08:33:50 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/07/21 08:33:46 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/07/21 08:33:22 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/01/26 00:29:44 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/16 18:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/28 21:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/01/06 17:17:28 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/12/14 13:42:52 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/03/01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/14 08:16:30 | 000,428,912 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/12/14 08:16:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/14 08:16:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/14 08:16:28 | 003,249,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/12/14 08:16:28 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/07 15:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 06:47:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/12/08 13:23:18 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/25 18:56:46 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2011/06/29 16:30:32 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/08 22:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 08:16:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/12/14 08:16:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/12/14 08:16:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/15 17:37:06 | 000,056,320 | ---- | M] (Texas Instruments Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\umpusbvista.sys -- (umpusbvista)
DRV:64bit: - [2010/04/20 22:22:40 | 000,060,728 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hprpusbh.sys -- (hprpusbh) hprpusbh (display)
DRV:64bit: - [2009/11/06 22:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/27 11:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2009/10/27 11:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/16 18:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 18:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 21:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/19 16:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 01:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/05 04:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/09 03:07:20 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/09 03:07:20 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/03 19:25:29 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 19:25:29 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)
DRV - [2011/03/18 09:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/12/14 08:16:32 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/12/14 08:16:32 | 000,449,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/12/14 08:16:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/23 10:26:08 | 000,481,448 | ---- | M] (Blackhawk) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bhpci.sys -- (bhpci)
DRV - [2009/03/23 10:26:08 | 000,318,248 | ---- | M] (Blackhawk) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bh560usb.sys -- (bh560usb)
DRV - [2009/03/23 10:26:06 | 000,310,568 | ---- | M] (Blackhawk) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bh510usb.sys -- (bh510usb)
DRV - [2009/01/15 13:10:36 | 000,097,704 | ---- | M] (Blackhawk) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\drivers\bh560eth.sys -- (bh560eth)
DRV - [2007/02/16 02:05:48 | 000,014,464 | ---- | M] (Christian Diefer) [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\fanio.sys -- (fanio)
DRV - [1999/05/24 18:25:18 | 000,004,576 | ---- | M] (Spectrum Digital Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\drivers\sdiont.sys -- (sdiont)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3626793767-91860240-2494331603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3626793767-91860240-2494331603-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3626793767-91860240-2494331603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3626793767-91860240-2494331603-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam Wright\AppData\Roaming\Move Networks\plugins\071801000006\npqmp071801000006.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/29 14:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/15 12:40:03 | 000,000,000 | ---D | M]

[2010/03/17 14:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Wright\AppData\Roaming\Mozilla\Extensions
[2011/03/21 19:42:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam Wright\AppData\Roaming\Mozilla\Firefox\Profiles\twhexitb.default\extensions
[2011/12/29 14:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/29 14:53:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 15:08:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/12 11:51:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3626793767-91860240-2494331603-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3626793767-91860240-2494331603-1000..\Run: [Akamai NetSession Interface] C:\Users\Adam Wright\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.169.190.211 208.72.160.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D08C780-2A58-4B64-9FEB-70DED7A4BE6A}: DhcpNameServer = 10.8.0.2 10.8.0.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{629952E6-2A95-402D-AD42-239A50F148D8}: DhcpNameServer = 69.169.190.211 208.72.160.67
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/26 00:03:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{4d302bbf-2d23-11df-b089-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4d302bbf-2d23-11df-b089-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.Now.exe
O33 - MountPoints2\{c3269468-f76d-11e0-ab28-a4badbad18b3}\Shell - "" = AutoRun
O33 - MountPoints2\{c3269468-f76d-11e0-ab28-a4badbad18b3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 16:40:38 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{0A6B5693-0457-4074-9893-9604E48CDF85}
[2012/01/30 16:40:27 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{036C7BAB-C54B-454C-A86D-06CA793DEECF}
[2012/01/29 10:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/01/29 10:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/01/27 22:18:12 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Roaming\MinMaxGames
[2012/01/24 12:39:29 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012/01/23 00:59:58 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\Desktop\realtemp
[2012/01/23 00:54:12 | 000,014,464 | ---- | C] (Christian Diefer) -- C:\Windows\SysWow64\drivers\fanio.sys
[2012/01/23 00:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I8kfanGUI
[2012/01/23 00:20:23 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{6E544986-308A-41C0-8EBB-94A0A9B7910A}
[2012/01/23 00:20:11 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Roaming\Windows Live Writer
[2012/01/23 00:20:11 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\Windows Live Writer
[2012/01/23 00:18:49 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\Desktop\aida
[2012/01/21 17:48:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adam Wright\Desktop\OTL.exe
[2012/01/21 15:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012/01/21 15:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/01/21 15:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/01/15 12:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/01/14 18:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/01/14 18:21:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/01/12 21:09:33 | 000,000,000 | --SD | C] -- C:\Users\Adam Wright\Documents\Mabinogi
[2012/01/12 17:04:15 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\PMB Files
[2012/01/12 17:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/01/12 17:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/01/08 08:35:34 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{3A855EEE-25F0-4A80-9F78-1F56AF8D0FE7}
[2012/01/07 20:34:59 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{26D83763-F94A-4EF9-A10F-C70C5B2283F3}
[2012/01/07 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{D84E9E2B-449B-4BC4-B2BD-CDBC8802CD5F}
[2012/01/07 09:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012/01/07 09:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/01/07 09:43:01 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Roaming\PerformerSoft
[2012/01/07 09:42:58 | 000,016,752 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/01/07 08:34:16 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{05F92C6B-2621-477F-9588-3C547FC312F8}
[2012/01/06 17:18:39 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{2D99D9F3-17F6-4A90-A67D-164FC27E2A90}
[2012/01/06 17:18:22 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{ACE21B3E-45FA-4F31-B53C-173CD492CD70}
[2012/01/05 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{4EFBFC9B-C544-4BD9-AD49-AE5CAC445A60}
[2012/01/05 08:32:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{80F9CD12-53BC-4DD7-9CC7-9409F6CE84DB}
[2012/01/04 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{4F07A218-6330-4DB3-8798-DEFDF22946FA}
[2012/01/04 16:35:42 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{F80D1905-798E-4808-8F1C-4B518758D59F}
[2012/01/01 01:00:40 | 000,000,000 | ---D | C] -- C:\Users\Adam Wright\AppData\Local\{68C7A14E-AA9A-49AC-933F-DB4D20340015}
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Adam Wright\Desktop\*.tmp files -> C:\Users\Adam Wright\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 19:25:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 21:06:01 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 21:06:01 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/28 20:56:39 | 1579,438,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/27 13:25:30 | 000,003,387 | ---- | M] () -- C:\Users\Adam Wright\AppData\Local\gcs.pref
[2012/01/25 18:56:46 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2012/01/24 12:38:27 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/22 20:33:14 | 000,796,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/22 20:33:14 | 000,673,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/22 20:33:14 | 000,125,830 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/21 17:48:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Wright\Desktop\OTL.exe
[2012/01/21 15:58:22 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012/01/21 15:58:22 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/01/15 12:40:03 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/07 09:51:56 | 000,001,009 | ---- | M] () -- C:\Users\Adam Wright\Desktop\SpeedFan.lnk
[2012/01/07 09:51:55 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/01/07 09:43:06 | 000,001,016 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/01/04 11:31:48 | 000,186,055 | ---- | M] () -- C:\Users\Adam Wright\Desktop\schedule.png
[2012/01/03 19:11:48 | 000,016,752 | ---- | M] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2012/01/01 12:15:51 | 000,000,000 | ---- | M] () -- C:\Users\Adam Wright\Desktop\terran.exe
[2012/01/01 01:04:50 | 000,790,878 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Adam Wright\Desktop\*.tmp files -> C:\Users\Adam Wright\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 15:58:22 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012/01/21 15:58:22 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012/01/15 12:40:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/15 12:40:03 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/07 10:03:40 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/01/07 09:51:56 | 000,001,009 | ---- | C] () -- C:\Users\Adam Wright\Desktop\SpeedFan.lnk
[2012/01/07 09:48:41 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/01/07 09:43:06 | 000,001,016 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/04 11:31:48 | 000,186,055 | ---- | C] () -- C:\Users\Adam Wright\Desktop\schedule.png
[2011/12/25 14:02:12 | 000,000,298 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/07/19 21:07:36 | 000,790,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/15 18:01:37 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/18 20:06:41 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/02/21 23:14:59 | 000,082,864 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/02/21 23:14:57 | 000,091,644 | ---- | C] () -- C:\Windows\hashicon.dll
[2011/02/14 14:25:53 | 000,003,387 | ---- | C] () -- C:\Users\Adam Wright\AppData\Local\gcs.pref
[2010/10/22 13:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/09/17 21:57:49 | 000,019,529 | ---- | C] () -- C:\Windows\hpqins13.dat
[2010/09/05 17:00:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/20 16:32:13 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/03/11 07:07:05 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/02/01 08:33:48 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/02/01 08:33:47 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/02/01 08:33:47 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/10/07 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\.minecraft
[2010/07/23 21:13:44 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\AdventureTools
[2011/01/26 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Autodesk
[2011/03/04 08:35:30 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Bioshock
[2010/12/18 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\BitZipper
[2010/12/22 21:30:19 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Braid
[2011/07/29 19:15:48 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\CBL-CustomParts
[2011/09/24 17:57:40 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\CBLoader
[2011/02/22 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\gtk-2.0
[2011/02/21 23:25:57 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Hash Inc
[2011/06/08 16:10:32 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\LucasArts
[2012/01/27 22:18:12 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\MinMaxGames
[2010/03/22 20:05:07 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\motorola
[2011/05/24 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\PCDr
[2012/01/07 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\PerformerSoft
[2010/06/27 21:15:03 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Spore
[2011/01/19 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Subversion
[2011/06/30 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\SystemRequirementsLab
[2010/04/07 21:06:50 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\WildTangent
[2012/01/23 00:20:11 | 000,000,000 | ---D | M] -- C:\Users\Adam Wright\AppData\Roaming\Windows Live Writer
[2011/09/14 13:27:20 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:48081133

< End of report >
  • 0

#4
Gammo
Posted 04 February 2012 - 09:57 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I'm sorry for the late reply.

I'm not seeing any malware in your OTL log, but let's dig a little bit deeper just to be sure. :thumbsup:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

If you're asked whether you want to download the latest Avast virus definitions, choose "Yes".

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#5
Gammo
Posted 07 April 2012 - 08:07 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP