Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

100% CPU Usage spikes WIN 7 Ultimate Home

Started by bleeka , Jan 29 2013 02:48 PM

Please log in to reply

#1
bleeka

Posted 29 January 2013 - 02:48 PM

New Member

Member
7 posts

the problems that I am experiencing is that when I am trying to run multiple programs. (Skype, I Tunes, Adobe Photoshop, etc.) The CPU Usage spikes to 100 then bounces back down then up... not sure what is going on but I have had no luck in disgnosing the problem.. It is mostuly when I am Viudeo Conferencing and the video broadcast freexes from em ..

!) why am I get HIGH CPU Usage
2) How can I remedy this problem myself or whit your assistance.
3) Reg EDIT & Malware Bytes have been used and uninstalled..

Please help me ...

OTL logfile created on: 1/29/2013 3:28:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 47.62% Memory free
6.92 Gb Paging File | 4.82 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 82.68 Gb Free Space | 35.52% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 28.24 Gb Free Space | 10.10% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 15:27:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2013/01/20 16:53:18 | 028,467,264 | ---- | M] (ooVoo LLC) -- C:\Program Files\oovoo\ooVoo.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/30 16:08:58 | 001,149,400 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2012/07/30 16:08:56 | 000,921,048 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/16 09:00:13 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:28 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
PRC - [2009/07/13 20:14:24 | 001,401,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/13 10:20:55 | 001,545,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\5063f4dbdf92779f2a99706874fe4927\MMCEx.ni.dll
MOD - [2013/01/13 10:19:59 | 006,438,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\f662fb92c32cb9ee1d359dc0d2f5ed66\MIGUIControls.ni.dll
MOD - [2013/01/13 10:19:56 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\c674244b9347a70722146b5440dcb245\Microsoft.ManagementConsole.ni.dll
MOD - [2013/01/13 10:19:56 | 000,287,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\6cf5df9fe8e116d68d4b1496d3e6c124\MMCFxCommon.ni.dll
MOD - [2013/01/13 10:19:55 | 000,553,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\c9b9fea52f7ba16e066c6d8f2848200b\EventViewer.ni.dll
MOD - [2013/01/13 08:48:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/13 08:47:58 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/13 08:47:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/13 08:47:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/13 08:46:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/13 08:46:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/13 08:46:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/13 08:46:37 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/04 20:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - [2013/01/09 14:28:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/28 18:38:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/07 16:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 16:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/06 09:50:24 | 000,248,248 | R--- | M] (Western Digital) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/14 14:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/10/16 08:41:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zghsmdm.sys -- (zghsmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2013/01/16 00:16:20 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130129.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 00:16:20 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130129.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 21:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/12 08:09:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/12 08:09:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/11 16:46:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130126.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/30 21:18:28 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys -- (DisplayLinkUsbPort)
DRV - [2012/07/30 16:09:13 | 000,275,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2012/07/30 16:09:13 | 000,015,224 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2012/07/05 21:17:58 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 21:17:58 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/06 23:43:44 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/06/02 04:31:16 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 06:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2012/01/11 01:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/11/23 21:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/11/16 22:38:00 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symnets.sys -- (SymNetS)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011/10/17 15:07:48 | 003,566,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/12/13 13:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/24 00:47:48 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 18:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb80236.sys -- (usbrndis6)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...id=cgps06022012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{4BD8DEFA-B561-4151-88D4-42E0CA13938B}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS453
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledAddons: vlvwyntfql%40vlvwyntfql.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@zoom.us/ZoomVideoPlugin: C:\Users\Dennis\AppData\Roaming\Zoom\bin\npzoomplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/12/12 10:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/01/26 05:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/28 18:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/15 00:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions
[2012/08/01 19:53:09 | 000,001,678 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions\[email protected]
[2013/01/15 00:40:31 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/12/28 18:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/28 18:38:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/27 11:43:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/03 01:16:51 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: barebackrt.com ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A021D8A-AF2B-469A-B2D8-9802FD98E903}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB9B7052-293A-49F5-93AA-75CE74E03C88}: DhcpNameServer = 192.168.14.1 66.233.172.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05EBFD2-58DF-40A1-948E-524DFB81A63A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browserprotect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08072c8f-2621-11e2-8d84-0025645c349a}\Shell - "" = AutoRun
O33 - MountPoints2\{08072c8f-2621-11e2-8d84-0025645c349a}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{94c0b54c-b098-11e1-9d54-0025645c349a}\Shell - "" = AutoRun
O33 - MountPoints2\{94c0b54c-b098-11e1-9d54-0025645c349a}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O33 - MountPoints2\{94c0b67d-b098-11e1-9d54-0025645c349a}\Shell - "" = AutoRun
O33 - MountPoints2\{94c0b67d-b098-11e1-9d54-0025645c349a}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{b619e672-3056-11e2-af5b-0025645c349a}\Shell - "" = AutoRun
O33 - MountPoints2\{b619e672-3056-11e2-af5b-0025645c349a}\Shell\AutoRun\command - "" = E:\Autorun.exe /s
O33 - MountPoints2\{fcb36249-96ca-11e1-8c50-0025645c349a}\Shell - "" = AutoRun
O33 - MountPoints2\{fcb36249-96ca-11e1-8c50-0025645c349a}\Shell\AutoRun\command - "" = E:\WinInit.exe -c
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 15:27:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013/01/29 09:42:40 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Contacts
[2013/01/28 23:37:12 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2013/01/28 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\images n clipart 2013
[2013/01/23 07:32:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/01/23 02:44:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Zoom
[2013/01/13 11:31:39 | 000,275,320 | ---- | C] (DisplayLink Corp.) -- C:\Windows\System32\drivers\dlkmd.sys
[2013/01/13 11:31:39 | 000,015,224 | ---- | C] (DisplayLink Corp.) -- C:\Windows\System32\drivers\dlkmdldr.sys
[2013/01/13 11:22:53 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013/01/13 11:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/01/03 13:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ

========== Files - Modified Within 30 Days ==========

[2013/01/29 15:28:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 15:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 15:27:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013/01/29 11:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 21:05:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/28 20:49:36 | 000,014,388 | ---- | M] () -- C:\Users\Dennis\Documents\cc_20130128_204920.reg
[2013/01/26 21:36:04 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 21:36:04 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 17:08:19 | 000,747,184 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/26 17:08:19 | 000,711,240 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013/01/26 17:08:19 | 000,703,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 17:08:19 | 000,538,082 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2013/01/26 17:08:19 | 000,526,256 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2013/01/26 17:08:19 | 000,410,012 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013/01/26 17:08:19 | 000,164,594 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/26 17:08:19 | 000,157,258 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013/01/26 17:08:19 | 000,134,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/26 17:08:19 | 000,132,614 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013/01/26 17:08:19 | 000,118,022 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2013/01/26 17:08:19 | 000,108,710 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2013/01/26 05:29:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/26 05:28:38 | 2787,397,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/24 15:58:39 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013/01/24 13:00:22 | 000,122,317 | ---- | M] () -- C:\Users\Dennis\Documents\return.pdf
[2013/01/24 11:51:17 | 000,054,729 | ---- | M] () -- C:\Users\Dennis\Documents\shoulder.pdf
[2013/01/24 11:49:42 | 000,107,921 | ---- | M] () -- C:\Users\Dennis\Documents\RIHRecordsRequest (2).pdf
[2013/01/24 11:17:05 | 000,092,101 | ---- | M] () -- C:\Users\Dennis\Documents\RIHRecordsRequest.pdf
[2013/01/13 11:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dlumd9.dll
[2013/01/13 11:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dlumd11.dll
[2013/01/13 11:30:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dlumd10.dll
[2013/01/12 14:38:59 | 000,298,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/03 14:03:41 | 000,181,069 | ---- | M] () -- C:\Users\Dennis\Documents\rabies deej.pdf
[2013/01/01 20:36:30 | 000,000,678 | ---- | M] () -- C:\Users\Dennis\Desktop\PORN READY - Shortcut.lnk

========== Files Created - No Company Name ==========

[2013/01/28 20:49:29 | 000,014,388 | ---- | C] () -- C:\Users\Dennis\Documents\cc_20130128_204920.reg
[2013/01/24 13:00:22 | 000,122,317 | ---- | C] () -- C:\Users\Dennis\Documents\return.pdf
[2013/01/24 11:49:03 | 000,107,921 | ---- | C] () -- C:\Users\Dennis\Documents\RIHRecordsRequest (2).pdf
[2013/01/24 11:17:05 | 000,092,101 | ---- | C] () -- C:\Users\Dennis\Documents\RIHRecordsRequest.pdf
[2013/01/23 07:32:52 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/01/22 13:24:21 | 000,054,729 | ---- | C] () -- C:\Users\Dennis\Documents\shoulder.pdf
[2013/01/13 11:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2013/01/13 11:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd11.dll
[2013/01/13 11:30:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2013/01/03 13:17:50 | 000,181,069 | ---- | C] () -- C:\Users\Dennis\Documents\rabies deej.pdf
[2013/01/01 20:36:30 | 000,000,678 | ---- | C] () -- C:\Users\Dennis\Desktop\PORN READY - Shortcut.lnk
[2012/11/19 13:54:29 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/11/10 11:30:36 | 003,566,336 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012/11/10 11:30:36 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2012/11/04 13:38:34 | 000,002,395 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/07/25 11:58:13 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/04/19 02:01:16 | 141,504,021 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012/04/19 01:53:08 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe
[2012/04/19 01:53:04 | 003,121,152 | ---- | C] () -- C:\Program Files\openofficeorg34.msi
[2012/04/19 01:53:04 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2012/04/15 13:28:05 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/15 13:28:05 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/15 13:28:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/13 20:18:38 | 000,124,052 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/07 05:19:27 | 000,007,605 | R--- | C] () -- C:\Users\Dennis\AppData\Local\resmon.resmoncfg
[2011/10/20 15:56:15 | 000,003,584 | R--- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 17:03:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/16 17:01:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/16 11:26:03 | 000,711,240 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2011/10/16 11:26:03 | 000,526,256 | ---- | C] () -- C:\Windows\System32\perfh00B.dat
[2011/10/16 11:26:03 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2011/10/16 11:26:03 | 000,279,790 | ---- | C] () -- C:\Windows\System32\perfi00B.dat
[2011/10/16 11:26:03 | 000,157,258 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2011/10/16 11:26:03 | 000,118,022 | ---- | C] () -- C:\Windows\System32\perfc00B.dat
[2011/10/16 11:26:03 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2011/10/16 11:26:03 | 000,038,258 | ---- | C] () -- C:\Windows\System32\perfd00B.dat
[2011/10/16 11:26:03 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2011/10/16 11:26:02 | 000,410,012 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2011/10/16 11:26:02 | 000,132,614 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2011/10/16 11:26:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2011/10/16 10:57:12 | 000,538,082 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2011/10/16 10:57:12 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2011/10/16 10:57:12 | 000,108,710 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2011/10/16 10:57:12 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2011/10/16 10:53:33 | 000,747,184 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/10/16 10:53:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/10/16 10:53:33 | 000,164,594 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/10/16 10:53:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/06/15 08:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/08/21 08:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/12 13:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus
[2012/11/03 10:29:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon
[2012/12/26 08:15:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Canon
[2012/11/14 09:13:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2013/01/29 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ooVoo Details
[2012/12/27 11:42:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012/11/02 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2012/11/02 12:46:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinAVI
[2012/04/01 19:39:30 | 000,000,000 | RHSD | M] -- C:\Users\Dennis\AppData\Roaming\windwos
[2013/01/23 07:47:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Zoom

========== Purity Check ==========

< End of report >

OTL EXTRA REPORT

OTL Extras logfile created on: 1/29/2013 3:28:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 47.62% Memory free
6.92 Gb Paging File | 4.82 Gb Available in Paging File | 69.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 82.68 Gb Free Space | 35.52% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 28.24 Gb Free Space | 10.10% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B544749-F9BF-4EDC-B7B8-37F703AEC476}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D557243-35FD-42A3-95DB-37947E0C6F06}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{0E0F6BE3-5A8B-4CE8-89D1-04074F6B7797}" = lport=2869 | protocol=6 | dir=in | app=system |
"{113283D0-1592-4741-94DC-B1FD751ACB4F}" = rport=445 | protocol=6 | dir=out | app=system |
"{12324F0B-2197-4CA6-97A4-EDEDEB3E19D0}" = rport=137 | protocol=17 | dir=out | app=system |
"{13D92BCA-D91F-4A8A-9C92-F3EC5E4569D8}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{167C8C42-EF91-4D27-A448-3D1A392DA5DB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BE2E82A-C613-404F-8F78-9382B4965C36}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1CA3D2F3-C12D-45C9-A58B-5CD1C0216E47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1EDEF0FB-5326-49AA-94E3-1C8106312E3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20235BB7-98BE-4B5E-A4CC-A290BC077986}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{256ABD65-0079-40CD-8633-01D4EFF37689}" = lport=137 | protocol=17 | dir=in | app=system |
"{270841F1-F31C-497E-9A24-CEBF74634504}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DD53928-5B70-412C-ACA4-E043B79E4A10}" = rport=1701 | protocol=17 | dir=out | app=system |
"{2F064506-1926-41A2-8E97-20F81D0B7996}" = lport=138 | protocol=17 | dir=in | app=system |
"{3319B1C3-12B4-4A88-8953-DD529E0DFAC5}" = lport=1723 | protocol=6 | dir=in | app=system |
"{3D304E47-6BE8-472B-816B-E41D882C14BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44E4CF49-99A0-400C-9BF1-DAEB19529D04}" = rport=1723 | protocol=6 | dir=out | app=system |
"{486FA40D-89ED-4ED1-A8F1-6F079F130E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C949B36-A407-4D2A-80BA-2FBC929007D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5371C9BD-11C3-442E-86DF-7F70769AC62A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5C4B3280-3F10-40FB-BBEE-D2F3A18EDCBE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E07643D-7C64-4601-9E17-C7E6C1B32104}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{62871721-EC28-4EE6-91E9-14360BA19536}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65F202C2-A107-4C10-BE07-890B514C1E2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{668B291B-DF19-48A5-A402-481B89A959FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E589CDA-8A27-4774-AC7F-B6777C7F7024}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71E18879-93F1-4750-BC34-0601FCC6AE74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{755C5DA7-7DCA-478D-9B83-6BAE91D3D17D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75BE3F46-F517-457F-BE92-1ED0634DCF92}" = rport=139 | protocol=6 | dir=out | app=system |
"{8A354ABF-11DE-4F62-89F2-1878B73E879C}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{8ED3C580-F578-4C00-8197-70D300808C64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F2274C0-1D19-4A07-A31F-1363243DD680}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{8F36CB29-0EB4-4E1F-A644-5731229DD86D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8F6D0379-A1BD-433D-BA9A-119BE9FF61A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{936A38DE-D92C-4DEB-BF6B-0C4B018005E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{97C8A39B-1220-4982-BB03-AA6E43299B40}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9E8129B1-ED1C-44CF-8B73-90AD78D808D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A675D7EA-9BA1-4719-8E96-D30EA6C7D8B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{B49822B9-B0EB-4B09-AA37-A2367C598DBE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B9233FBD-036D-40EB-891A-915B262EE4D3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D0CEB7C3-4AAD-4DFB-A5FF-7BB1F08E852F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D6207B2E-D14B-4350-B939-70E9CF727B56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D96711DA-3767-4AD0-AFD2-DE8FD6743F2D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB3AFD12-2EA4-42ED-8CF3-5B93DAAC4B34}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{E0090EEB-E65E-4631-BCAB-B4985BF195BC}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{E63AEE1C-DFD3-4767-9BBB-187DC124EA06}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E65CA128-C287-4AE0-994A-40EE2AE45F43}" = lport=1701 | protocol=17 | dir=in | app=system |
"{E7DF33D3-F031-46EB-BFB1-661023EBF57A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB205D50-D8B5-4D8D-A345-CC834B5CF223}" = rport=138 | protocol=17 | dir=out | app=system |
"{F74E37F6-2261-4A6F-BD54-748BF34E9CC4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04596F61-D6C3-44CE-B71A-113FCE83285E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{054AAB61-13C1-4E9C-A712-E8B64994006E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B7C6CB6-9015-45E7-8076-A235504FDEA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0CAC98BB-C1A1-41B8-9B77-10F79826EBAE}" = protocol=1 | dir=out | [email protected],-28544 |
"{11AF22DA-8005-4B85-8D0F-5FF499C1B308}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{13C5DD52-0925-4036-89C3-A1907191A25D}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{15B59065-D8D6-4F41-A819-CC3D6F05C592}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B049509-6BD0-419C-BBEB-42A212101FFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23EC9EBF-68F0-49C8-B779-4C6D7BFB6C4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37416584-47EB-46E0-A967-23A9F802299D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D72C7DD-E64D-463B-ACC1-E20CBBC617C3}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{3FD8B878-0C0F-4404-827C-CE0A7ECFBA4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4DC1A4E1-E8E3-42AF-B2C7-A72332F2B0D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53F47FB9-62D5-4153-A92A-ACBB1E3A8C8D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5755488C-2826-40CD-9799-91BC99A0FA9B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{58B02E59-8B5A-46E8-8CF3-04D7E5431BB3}" = protocol=47 | dir=in | app=system |
"{627EE7F9-90C0-4C58-A0F9-21E93113B7B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{717AB3D4-0F87-4CDD-9352-3A7015165933}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7402B2B6-C863-435D-8B48-D9E57B3E7F2E}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7B4CDFCC-0EFF-4444-9EFE-680E3574737D}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{7BB64802-9CC0-4010-8B05-D48CB49037A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D5A7CB6-17A4-4429-BF6B-B302DE3D605D}" = protocol=58 | dir=in | [email protected],-148 |
"{83087619-07CA-4BF8-8D59-F8364A1D9630}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E7699CF-6C06-4A67-B489-58D3A82463AD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93367D10-21B6-476E-B3B9-263DA7C97E2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{956A7485-A2D4-4AC3-AEE9-2060784F6E5F}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9AF9792E-C81B-4866-A221-40643425945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A075E30F-B14F-4884-AF5B-0EDB86233613}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{A10BFAF5-2C9F-4F06-AAC7-83367E468426}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A501BE20-1A5A-42DD-9B3F-FF2F2321834A}" = protocol=47 | dir=out | app=system |
"{AF6E8965-89EE-4FCB-938B-D6AB958E33EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF3003B0-72DF-4FCB-9165-5990C4C99029}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7CDC134-AA05-4D15-AD56-6CE1923A41BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4F44FF8-2774-4411-80EC-A5CF6021FC24}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{D818B165-157A-4BC1-BE16-BC911CCCD4B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8F1CBCA-D66C-44FE-82F3-557B2DD5BEFE}" = protocol=6 | dir=out | app=system |
"{DC0CF847-F76D-43B7-B48E-BAF8DDB54429}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF418189-0897-441C-99B9-494C271D14A5}" = protocol=58 | dir=in | [email protected],-28545 |
"{E3A6C2F1-C778-4FA9-ABDA-646FB57E58F6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E3C8BE1F-61C1-423F-A6EB-AF490342DCCB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F2D9639F-3D8D-4602-AB3D-F4ABFB0F479B}" = protocol=58 | dir=out | [email protected],-28546 |
"{F6C21ED2-811D-4F28-B30E-50DB6F8867B4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FCFFA041-189C-4570-B002-68AA2382952B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{ABD1743C-D24C-4929-A270-28D751C27388}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{CB5AE9C1-62B4-4DF7-B975-667E49037A0A}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{F15838DB-5CB1-48C5-9278-522349DC7703}C:\program files\ispq videochat 9\ispqvideochat9.exe" = protocol=6 | dir=in | app=c:\program files\ispq videochat 9\ispqvideochat9.exe |
"UDP Query User{10CC7145-E076-4FBD-8CAF-8264A1601070}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{9585F695-A8A8-4062-89B3-8EE46003F426}C:\program files\ispq videochat 9\ispqvideochat9.exe" = protocol=17 | dir=in | app=c:\program files\ispq videochat 9\ispqvideochat9.exe |
"UDP Query User{E80B216F-5F00-4B73-8752-C2FB6878EF60}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{041F704B-2224-4C53-8D9A-00CCB9C6E0AD}" = DisplayLink Graphics
"{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1" = Remove Empty Directories version 2.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BDD3B5A-454C-448F-991C-B656C318B77B}" = DisplayLink Core Software
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A03E40E6-5395-46FC-A128-6997FC9D7080}" = iSpQ VideoChat 9
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2013 5:41:59 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/24/2013 5:41:59 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5148

Error - 1/24/2013 5:41:59 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5148

Error - 1/24/2013 5:42:00 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/24/2013 5:42:00 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6396

Error - 1/24/2013 5:42:00 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6396

Error - 1/24/2013 7:54:26 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/24/2013 7:54:26 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7951683

Error - 1/24/2013 7:54:26 AM | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7951683

Error - 1/27/2013 1:31:21 PM | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunes.exe, version: 11.0.1.12, time stamp:
0x50c8fc7e Faulting module name: QuickTime.qts, version: 7.73.80.64, time stamp:
0x50890e53 Exception code: 0xc0000005 Fault offset: 0x00880aba Faulting process id:
0xca0 Faulting application start time: 0x01cdfcb3b3d57b4d Faulting application path:
C:\Program Files\iTunes\iTunes.exe Faulting module path: C:\Program Files\QuickTime\QTSystem\QuickTime.qts
Report
Id: 5d53ea0e-68a7-11e2-a6da-0025645c349a

[ Media Center Events ]
Error - 7/30/2012 4:46:49 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:46:48 PM - Error connecting to the internet. 4:46:48 PM - Unable
to contact server..

Error - 7/30/2012 4:47:03 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:46:54 PM - Error connecting to the internet. 4:46:54 PM - Unable
to contact server..

Error - 7/31/2012 6:16:25 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 6:16:25 PM - Error connecting to the internet. 6:16:25 PM - Unable
to contact server..

Error - 7/31/2012 6:16:47 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 6:16:30 PM - Error connecting to the internet. 6:16:30 PM - Unable
to contact server..

Error - 12/9/2012 4:27:50 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 3:27:50 PM - Error connecting to the internet. 3:27:50 PM - Unable
to contact server..

Error - 12/9/2012 4:28:24 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 3:28:19 PM - Error connecting to the internet. 3:28:19 PM - Unable
to contact server..

Error - 12/9/2012 5:29:13 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:29:13 PM - Error connecting to the internet. 4:29:13 PM - Unable
to contact server..

Error - 12/9/2012 5:29:42 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:29:42 PM - Error connecting to the internet. 4:29:42 PM - Unable
to contact server..

Error - 12/9/2012 6:30:41 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 5:30:41 PM - Error connecting to the internet. 5:30:41 PM - Unable
to contact server..

Error - 12/9/2012 6:31:15 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 5:31:10 PM - Error connecting to the internet. 5:31:10 PM - Unable
to contact server..

[ System Events ]
Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The HomeGroup Listener service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The PnP-X IP Bus Enumerator service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Network Connections service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Program Compatibility Assistant Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Distributed Link Tracking Client service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Desktop Window Manager Session Manager service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Portable Device Enumerator Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 1/29/2013 4:09:06 PM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

< End of report >

#2
RKinner

Posted 01 February 2013 - 03:41 PM

Malware Expert

Expert
24,624 posts

Download the adwCleaner

Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option
Select the Delete button.
When the scan completes, it will open a notepad windows.
Please, copy the content of this file in your next reply.

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

(If you can catch a process explorer log when the cpu usage is high that would help.)

Ron

#3
bleeka

Posted 01 February 2013 - 11:22 PM

New Member

Topic Starter
Member
7 posts

Ron,

Thank you for you reply .. .I belive i Have done this correctly but then again I am no computer guy ..
Here is what you asked for.

Dennis

ADW Cleaner
# AdwCleaner v2.109 - Logfile created 02/01/2013 at 19:14:35
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Dennis - DENNIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Local\APN
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dennis\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\e538d8abd3ebf49
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\prefs.js

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\user.js ... Deleted !

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.UserID", "UN74843327084960748");
Deleted : user_pref("CT3220468.autoDisableScopes", 14);
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fftC523.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.com%2[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "14-11-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "14-11-2012");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "eecc92c8000000000000761a04169ed8");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15647");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:30:04");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1338437824);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 15);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1338437824");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1338437824");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Mon Oct 15 2012 09:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Oct 21 2012 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1350308625");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346315339927");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2241320%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346031219289");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "90");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Mon Oct 15[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 6);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 15);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 90);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "137a6ef7c53865fdbc379be3eb12228f");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1338535542);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22505144);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22505144);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1341418972524");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1341418972513");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");

*************************

AdwCleaner[S1].txt - [319 octets] - [01/02/2013 19:03:31]
AdwCleaner[S2].txt - [18763 octets] - [01/02/2013 19:14:35]

########## EOF - C:\AdwCleaner[S2].txt - [18824 octets] ##########

aswmbr

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 19:14:35
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Dennis - DENNIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Local\APN
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dennis\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\e538d8abd3ebf49
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\prefs.js

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\user.js ... Deleted !

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.UserID", "UN74843327084960748");
Deleted : user_pref("CT3220468.autoDisableScopes", 14);
Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.installId", "fftC523.tmp.exe");
Deleted : user_pref("CT3220468.installType", "XPE");
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.com%2[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "14-11-2012");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "14-11-2012");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "eecc92c8000000000000761a04169ed8");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15647");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.811:30:04");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1338437824);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 15);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1338437824");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1338437824");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Mon Oct 15 2012 09:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Sun Oct 21 2012 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1350308625");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346315339927");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%2221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2241320%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346031219289");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "90");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Mon Oct 15[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 6);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 15);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 90);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "137a6ef7c53865fdbc379be3eb12228f");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1338535542);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22505144);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22505144);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1341418972524");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1341418972513");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");

*************************

AdwCleaner[S1].txt - [319 octets] - [01/02/2013 19:03:31]
AdwCleaner[S2].txt - [18763 octets] - [01/02/2013 19:14:35]

########## EOF - C:\AdwCleaner[S2].txt - [18824 octets] ##########

combofix

ComboFix 13-02-01.04 - Dennis 02/01/2013 19:59:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3544.2102 [GMT -5:00]
Running from: c:\users\Dennis\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dir
c:\program files\Setup.exe
c:\users\Dennis\AppData\Roaming\msxml4.dll
c:\users\Dennis\AppData\Roaming\msxml4a.dll
c:\users\Dennis\AppData\Roaming\msxml4r.dll
c:\windows\system32\DEBUG.log
c:\windows\system32\dlumd10.dll
c:\windows\system32\dlumd11.dll
c:\windows\system32\dlumd9.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\Microsoft\windwos
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 01:11 . 2013-02-02 01:11 -------- dc----w- c:\users\Dennis\AppData\Local\temp
2013-02-02 01:11 . 2013-02-02 01:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-31 03:02 . 2013-01-31 03:02 -------- dc----w- c:\users\Dennis\AppData\Local\Apple
2013-01-30 22:03 . 2013-01-30 22:03 -------- dc----w- c:\users\Dennis\AppData\Local\Macromedia
2013-01-30 22:02 . 2013-01-31 19:02 -------- dc----w- c:\users\Dennis\AppData\Local\CrashDumps
2013-01-29 03:04 . 2013-01-29 03:04 -------- d-----w- c:\windows\system32\wbem\Logs
2013-01-29 02:14 . 2013-01-29 02:14 -------- d-----w- c:\windows\system32\wbem\MOF
2013-01-23 07:44 . 2013-01-23 12:47 -------- d-----w- c:\users\Dennis\AppData\Roaming\Zoom
2013-01-13 16:31 . 2012-07-30 21:09 275320 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2013-01-13 16:31 . 2012-07-30 21:09 15224 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2013-01-13 16:22 . 2013-01-23 12:30 -------- d-----w- c:\windows\WindowsMobile
2013-01-12 19:55 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-12 19:55 . 2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-12 19:55 . 2012-12-07 10:46 40960 ----a-w- c:\windows\system32\cob-au.rs
2013-01-09 11:07 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 11:07 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 11:07 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-03 18:31 . 2013-01-03 18:31 -------- dc----w- c:\programdata\CanonIJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:28 . 2012-04-14 00:50 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 19:28 . 2011-10-15 22:55 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 13:08 . 2012-12-23 13:09 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-23 13:08 . 2012-05-16 17:55 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-23 13:08 . 2011-10-15 22:37 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 14:13 . 2012-12-21 03:57 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 03:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-29 23:17 . 2003-08-28 10:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-11-29 23:17 . 2003-02-22 15:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-11-14 02:09 . 2012-12-13 08:03 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 08:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 08:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 08:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 05:09 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-04 18:36 . 2012-11-04 18:36 98304 ----a-w- c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-11-04 18:36 . 2012-11-04 18:36 24576 ----a-w- c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-11-04 18:36 . 2012-11-04 18:36 1347584 ----a-w- c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-04-19 06:53 . 2012-04-19 06:53 3121152 -c--a-w- c:\program files\openofficeorg34.msi
2013-01-30 22:11 . 2013-01-30 22:11 262552 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"73CA050ACBC0493DD48ED4A275029F28550F7E8E._service_run"="c:\users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dennis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MP495 series Printer.lnk]
path=c:\users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MP495 series Printer.lnk
backup=c:\windows\pss\Canon IJ Status Monitor Canon MP495 series Printer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\73CA050ACBC0493DD48ED4A275029F28550F7E8E._service_run]
2012-12-05 01:15 1242728 -c--a-w- c:\users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 01:50 2516296 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 15:18 1185112 -c--a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-10-13 17:15 171288 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-10-13 17:15 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2011-11-14 19:13 1884064 -c--a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57 152544 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-10-13 17:15 172824 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Amped Wireless UA600 High Power Wireless-300N 600mW USB Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R3 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R3 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R3 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130131.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604000.009\SYMNETS.SYS [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
GPSvcGroup REG_MULTI_SZ GPSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:28]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-29 15:17]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-29 15:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps06022012
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: barebackrt.com\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4c,f0,b2,0f,3b,1b,cd,01
.
[HKEY_USERS\S-1-5-21-4184815768-3132322913-4140952495-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-4184815768-3132322913-4140952495-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\gnotify.exe"
.
[HKEY_USERS\S-1-5-21-4184815768-3132322913-4140952495-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-4184815768-3132322913-4140952495-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-01 20:15:39
ComboFix-quarantined-files.txt 2013-02-02 01:15
.
Pre-Run: 83,374,534,656 bytes free
Post-Run: 80,637,915,136 bytes free
.
- - End Of File - - 16702E2E33D9132D0ACF26E62B940F40

TDSSKiller

■2#2#:#0#9#:#4#8#.#0#6#9#1# #4#5#9#2# # #T#D#S#S# #r#o#o#t#k#i#t# #r#e#m#o#v#i#n#g# #t#o#o#l# #2#.#8#.#1#5#.#0# #O#c#t# #3#1# #2#0#1#2# #2#1#:#4#7#:#3#5#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=#=# # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#A#f#c#.#s#y#s#
# # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#a#l#i#i#d#e#.#s#y#s#A#p#p#H#o#s#t#S#v#c# # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#i#n#e#t#s#r#v#\#a#p#p#h#o#s#t#s#v#c#.#d#l#l#0#7#1#4# #4#5#9#6# # #A#u#d#i#o#s#r#v# #-# #o#k#
#4#5#9#6# # #B#r#F#i#l#t#L#o# #-# #o#k#4#D#4#B# #]# #B#r#i#d#g#e#M#P# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#b#r#i#d#g#e#.#s#y#s#0#:#2#5#.#0#5#2#3# #4#5#9#6# # #[# #D#8#8#0#4#0#F#8#1#6#F#D#A#3#1#C#3#B#4#6#6#F#0#F#A#0#9#1#8#F#2#9# #]# #c#l#r#_#o#p#t#i#m#i#z#a#t#i#o#n#_#v#2#.#0#.#5#0#7#2#7#_#3#2# #C#:#\#W#i#n#d#o#w#s#\#M#i#c#r#o#s#o#f#t#.#N#E#T#\#F#r#a#m#e#w#o#r#k#\#v#2#.#0#.#5#0#7#2#7#\#m#s#c#o#r#s#v#w#.#e#x#e#2#2#:#1#0#:#2#6#.#0#2#7#2# #4#5#9#6# # #[# #7#6#6#0#F#0#1#D#3#B#3#8#A#C#A#1#7#4#7#E#3#9#7#D#2#1#D#7#9#0#A#F# #]# #D#c#o#m#L#a#u#n#c#h# # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#r#p#c#s#s#.#d#l#l#
#4#5#9#6# # #d#i#s#c#a#c#h#e# #-# #o#k#y#s# #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#f#d#c#.#s#y#s#
#4#5#9#6# # #[# #8#A#7#3#E#7#9#0#8#9#B#2#8#2#1#0#0#B#9#3#9#3#B#6#4#4#C#B#8#5#3#B# #]# #f#v#e#v#o#l# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#f#v#e#v#o#l#.#s#y#s# #[# #E#8#9#7#E#A#F#5#E#D#6#B#A#4#1#E#0#8#1#0#6#0#C#9#B#4#4#7#A#6#7#3# #]# #g#p#s#v#c# # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#S#y#s#t#e#m#3#2#\#g#p#s#v#c#.#d#l#l#k#0# #4#5#9#6# # #[# #A#C#B#3#6#4#B#9#0#7#5#A#4#5#C#0#7#3#6#E#5#C#4#7#B#E#5#C#A#E#1#9# #]# #I#P#B#u#s#E#n#u#m# # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#i#p#b#u#s#e#n#u#m#.#d#l#l#
#4#5#9#6# # #[# #4#B#D#7#1#3#4#6#1#8#C#1#D#2#A#2#7#4#6#6#A#0#9#9#0#6#2#5#4#7#B#F# #]# #I#P#M#I#D#R#V# # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#I#P#M#I#D#r#v#.#s#y#s#1#0#:#3#1#.#0#4#2#0# #4#5#9#6# # #[# #8#9#A#7#B#9#C#C#9#8#D#0#D#8#0#C#6#F#3#1#B#9#1#C#0#A#3#1#0#F#C#D# #]# #K#t#m#R#m# # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#m#s#d#t#c#k#r#m#.#d#l#l# # #[# #8#E#1#7#D#5#1#3#D#8#0#1#1#B#0#E#E#0#3#C#3#5#5#E#A#A#B#0#E#0#C#C# #]# #M#a#n#y#C#a#m# # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#m#c#v#i#d#r#v#.#s#y#s#
#4#5#9#6# # #M#o#d#e#m# #-# #o#k#M#a#i#n#t#e#n#a#n#c#e# #S#e#r#v#i#c#e#\#m#a#i#n#t#e#n#a#n#c#e#s#e#r#v#i#c#e#.#e#x#e# # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#m#s#i#s#a#d#r#v#.#s#y#s#o#n#s#\#V#i#r#u#s#D#e#f#s#\#2#0#1#3#0#2#0#1#.#0#2#0#\#N#A#V#E#N#G#.#S#Y#S#
#f#i#n#i#t#i#o#n#s#\#V#i#r#u#s#D#e#f#s#\#2#0#1#3#0#2#0#1#.#0#2#0#\#N#A#V#E#X#1#5#.#S#Y#S#0#8#5#3# #4#5#9#6# # #N#e#t#M#s#m#q#A#c#t#i#v#a#t#o#r# #-# #o#k#F#7#1#7#D# #]# #n#v#_#a#g#p# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#n#v#_#a#g#p#.#s#y#s#
#4#5#9#6# # #[# #6#7#3#E#5#5#C#3#4#9#8#E#B#9#7#0#0#8#8#E#8#1#2#E#A#8#2#0#A#A#8#F# #]# #p#c#i# # # # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#p#c#i#.#s#y#s#F#E#A#C#1#8#2#4#C#1#5#A#3#F#A# #]# #P#h#3#x#I#B#3#2# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#P#h#3#x#I#B#3#2#.#s#y#s# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#q#l#4#0#x#x#.#s#y#s#
#]# #R#D#P#D#R# # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#r#d#p#d#r#.#s#y#s#3#A#C#4#1#6#C#C#E#F#2#B#C#A# #]# #s#b#p#2#p#o#r#t# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#s#b#p#2#p#o#r#t#.#s#y#s# # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#s#f#f#d#i#s#k#.#s#y#s#
#]# #s#i#s#a#g#p# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#s#i#s#a#g#p#.#s#y#s# #]# #S#p#o#o#l#e#r# # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#S#y#s#t#e#m#3#2#\#s#p#o#o#l#s#v#.#e#x#e#s#w#e#n#u#m# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#s#w#e#n#u#m#.#s#y#s#
#4#5#9#6# # #T#B#S# #-# #o#k#\#D#R#I#V#E#R#S#\#t#c#p#i#p#.#s#y#s#p#3#5# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#u#a#g#p#3#5#.#s#y#s#2#7#9# #4#5#9#6# # #u#s#b#e#h#c#i# #-# #o#k#
# #u#s#b#r#n#d#i#s#6# #-# #o#k#\#v#g#a#.#s#y#s#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#v#w#i#f#i#m#p#.#s#y#s#
#-# #o#k#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#w#d#c#s#a#m#.#s#y#s#\#w#i#m#m#o#u#n#t#.#s#y#s#:#1#0#:#4#6#.#0#0#3#8# #4#5#9#6# # #[# #6#F#5#D#4#9#E#F#E#0#E#7#1#6#4#E#0#3#A#E#7#7#3#A#3#F#E#2#5#3#4#0# #]# #w#s#c#s#v#c# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#w#s#c#s#v#c#.#d#l#l#
#C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#W#S#D#S#c#a#n#.#s#y#s#E#8#4#4#4#9#F#F#0#7#E#D#3#5#1#7#B#4#3#A#3#1# #]# #\#D#e#v#i#c#e#\#H#a#r#d#d#i#s#k#0#\#D#R#0#l#e#s#\#A#d#o#b#e#\#A#R#M#\#1#.#0#\#a#r#m#s#v#c#.#e#x#e#
#M#o#n#i#t#o#r#\#B#e#l#k#i#n#S#e#r#v#i#c#e#.#e#x#e#.#0#2#5#4# #4#1#7#2# # #[# #C#D#5#9#1#4#1#7#0#2#9#7#1#2#6#B#6#2#6#6#8#6#0#1#9#8#D#1#D#4#F#0# #]# #a#m#d#i#d#e# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#a#m#d#i#d#e#.#s#y#s#s#.#s#y#s#6# #4#1#7#2# # #[# #E#5#8#5#4#4#5#D#5#0#2#1#9#7#1#F#A#E#1#0#3#9#3#F#0#F#1#C#3#9#6#1# #]# #B#I#T#S# # # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#q#m#g#r#.#d#l#l#
#4#1#7#2# # #B#I#T#S# #-# #o#k# #o#k# # #C#o#m#p#F#i#l#t#e#r# #-# #o#k#
# # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#r#p#c#s#s#.#d#l#l#C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#D#i#s#p#l#a#y#L#i#n#k#U#s#b#P#o#r#t#_#6#.#3#.#4#0#6#6#0#.#0#.#s#y#s# #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#e#l#x#s#t#o#r#.#s#y#s#
#4#1#7#2# # #[# #B#3#A#5#E#C#6#B#6#B#6#6#7#3#D#B#7#E#8#7#C#2#B#C#D#B#D#D#C#0#7#4# #]# #F#o#n#t#C#a#c#h#e# # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#F#n#t#C#a#c#h#e#.#d#l#l#B#7#F#D#A#0#A#C#7#7#A#7#9#B#0#F#D#3#D#E#1#A#2#F# #]# #F#o#n#t#C#a#c#h#e#3#.#0#.#0#.#0# #C#:#\#W#i#n#d#o#w#s#\#M#i#c#r#o#s#o#f#t#.#N#e#t#\#F#r#a#m#e#w#o#r#k#\#v#3#.#0#\#W#P#F#\#P#r#e#s#e#n#t#a#t#i#o#n#F#o#n#t#C#a#c#h#e#.#e#x#e#t#e#m#3#2#\#D#R#I#V#E#R#S#\#h#i#d#b#t#h#.#s#y#s#8#0#B#E#4#0#1#C#7#4# #]# #I#D#S#V#i#x#8#6# # # # # # # # #C#:#\#P#r#o#g#r#a#m#D#a#t#a#\#N#o#r#t#o#n#\#{#0#C#5#5#C#0#9#6#-#0#F#1#D#-#4#F#2#8#-#A#A#A#2#-#8#5#E#F#5#9#1#1#2#6#E#7#}#\#N#3#6#0#_#6#.#0#.#0#.#1#4#5#\#D#e#f#i#n#i#t#i#o#n#s#\#I#P#S#D#e#f#s#\#2#0#1#3#0#2#0#1#.#0#0#1#\#I#D#S#v#i#x#8#6#.#s#y#s#
#4#1#7#2# # #i#n#t#e#l#i#d#e# #-# #o#k#r#s#\#i#s#a#p#n#p#.#s#y#s#:#3#8#.#0#5#1#2# #4#1#7#2# # #L#S#I#_#S#A#S# #-# #o#k#
# # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#M#c#x#2#S#v#c#.#d#l#l#9#B#E#5#E#A# #]# #M#M#C#S#S# # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#m#m#c#s#s#.#d#l#l#4#1#7#2# # #[# #0#1#2#C#5#F#4#E#9#3#4#9#E#7#1#1#E#1#1#E#0#F#1#9#A#8#5#8#9#F#0#A# #]# #m#s#a#h#c#i# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#m#s#a#h#c#i#.#s#y#s#7#2# # #M#S#T#E#E# #-# #o#k#
#o#k#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#N#D#P#r#o#x#y#.#s#y#s#4#1#7#2# # #N#p#f#s# #-# #o#k#
#]# #p#2#p#s#v#c# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#p#2#p#s#v#c#.#d#l#l#1#7#2# # #[# #6#7#3#E#5#5#C#3#4#9#8#E#B#9#7#0#0#8#8#E#8#1#2#E#A#8#2#0#A#A#8#F# #]# #p#c#i# # # # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#p#c#i#.#s#y#s# #6#3#1#E#3#E#2#0#5#A#D#6#D#8#6#F#2#A#E#D#6#A#4#A#8#E#6#9#F#2#D#B# #]# #P#p#t#p#M#i#n#i#p#o#r#t# # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#r#a#s#p#p#t#p#.#s#y#s#C#B#9#E#0#4#D#C#0#5#E#A#C#F#5#B#9#A#3#6#C#A#2#7#6#D#4#7#5#0#0#6# #]# #R#a#s#M#a#n# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#S#y#s#t#e#m#3#2#\#r#a#s#m#a#n#s#.#d#l#l#
#4#1#7#2# # #R#a#s#P#p#p#o#e# #-# #o#k#:#1#3#:#4#8#.#0#1#6#8# #4#1#7#2# # #[# #7#8#D#0#7#2#F#3#5#B#C#4#5#D#9#E#4#E#1#B#6#1#8#9#5#C#1#5#2#2#3#4# #]# #R#p#c#E#p#t#M#a#p#p#e#r# # # # #C#:#\#W#i#n#d#o#w#s#\#S#y#s#t#e#m#3#2#\#R#p#c#E#p#M#a#p#.#d#l#l#4#9#.#0#4#0#1# #4#1#7#2# # #[# #D#C#B#7#F#C#D#C#C#9#7#F#8#7#3#6#0#F#7#5#D#7#7#4#2#5#B#8#1#7#3#7# #]# #S#E#N#S# # # # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#s#e#n#s#.#d#l#l#
# #s#f#f#p#_#m#m#c# #-# #o#k#5#0#.#0#5#0#8# #4#1#7#2# # #[# #3#7#2#7#0#9#7#B#5#5#7#3#8#E#2#F#5#5#4#9#7#2#C#3#B#E#5#B#C#1#A#A# #]# #S#i#S#R#a#i#d#4# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#s#i#s#r#a#i#d#4#.#s#y#s#9#1#A#E#0#6#A#7#1#8#A#4#F#A#8#A#B#C# #]# #s#r#v#n#e#t# # # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#s#r#v#n#e#t#.#s#y#s#5#2#.#0#5#2#1#
#4#1#7#2# # #S#y#m#I#R#O#N# #-# #o#k#2#\#t#h#e#m#e#s#e#r#v#i#c#e#.#d#l#l#V#P#F#S#r#v# # # # # # # # #C#:#\#P#r#o#g#r#a#m# #F#i#l#e#s#\#C#o#m#m#o#n# #F#i#l#e#s#\#l#o#g#i#s#h#r#d#\#L#V#M#V#F#M#\#U#M#V#P#F#S#r#v#.#e#x#e#
#-# #o#k# # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#D#R#I#V#E#R#S#\#u#s#b#u#h#c#i#.#s#y#s# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#v#o#l#m#g#r#.#s#y#s#
#4#1#7#2# # #W#a#n#a#r#p#v#6# #-# #o#k#S#v#c# # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#W#a#t#\#W#a#t#A#d#m#i#n#S#v#c#.#e#x#e#E#F#9#D#C#9#6#2#6#5#F#D#0#B#4#2#3#D#B#7#2#E#7#C#3#8#C#2#A#5# #]# #W#d#i#S#e#r#v#i#c#e#H#o#s#t# # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#w#d#i#.#d#l#l#2# # #[# #1#6#9#3#5#C#9#8#F#F#6#3#9#D#1#8#5#0#8#6#A#3#5#2#9#B#1#F#2#0#6#7# #]# #W#l#a#n#s#v#c# # # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#S#y#s#t#e#m#3#2#\#w#l#a#n#s#v#c#.#d#l#l#
#]# #w#m#i#A#p#S#r#v# # # # # # # # #C#:#\#W#i#n#d#o#w#s#\#s#y#s#t#e#m#3#2#\#w#b#e#m#\#W#m#i#A#p#S#r#v#.#e#x#e#d#o#w#s#\#s#y#s#t#e#m#3#2#\#d#r#i#v#e#r#s#\#W#u#d#f#P#f#.#s#y#s#1#

MALWAREBYTES

■M#a#l#w#a#r#e#b#y#t#e#s# #A#n#t#i#-#M#a#l#w#a#r#e# #1#.#7#0#.#0#.#1#1#0#0#

VEW
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2013 11:10:18 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/02/2013 4:07:42 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 02/02/2013 4:07:22 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/02/2013 4:06:31 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

Log: 'System' Date/Time: 02/02/2013 4:05:02 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW APPLICATION

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/02/2013 11:12:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/02/2013 4:09:52 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-4184815768-3132322913-4140952495-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The object was not found. (HRESULT : 0x80041201) (0x80041201)

OTL 1

OTL logfile created on: 2/1/2013 11:30:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 69.56% Memory free
6.92 Gb Paging File | 5.76 Gb Available in Paging File | 83.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 75.31 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 41.47 Gb Free Space | 14.84% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 15:27:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/30 16:08:58 | 001,149,400 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2012/07/30 16:08:56 | 000,921,048 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/14 14:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 00:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2013/01/30 17:11:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 14:28:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/06 09:50:24 | 000,248,248 | R--- | M] (Western Digital) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/14 14:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/10/16 08:41:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zghsmdm.sys -- (zghsmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/01/16 00:16:20 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130201.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 00:16:20 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130201.020\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 21:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/12 08:09:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/12 08:09:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/11 16:46:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/30 21:18:28 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys -- (DisplayLinkUsbPort)
DRV - [2012/07/30 16:09:13 | 000,275,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2012/07/30 16:09:13 | 000,015,224 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2012/07/05 21:17:58 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 21:17:58 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/06 23:43:44 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/06/02 04:31:16 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 06:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2012/01/11 01:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/11/23 21:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/11/16 22:38:00 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symnets.sys -- (SymNetS)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011/10/17 15:07:48 | 003,566,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/12/13 13:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/24 00:47:48 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 18:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb80236.sys -- (usbrndis6)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...id=cgps06022012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4BD8DEFA-B561-4151-88D4-42E0CA13938B}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledAddons: vlvwyntfql%40vlvwyntfql.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@zoom.us/ZoomVideoPlugin: C:\Users\Dennis\AppData\Roaming\Zoom\bin\npzoomplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/12/12 10:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/02/01 23:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/30 17:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/30 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2013/01/15 00:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions
[2012/08/01 19:53:09 | 000,001,678 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions\[email protected]
[2013/01/15 00:40:31 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/01/30 17:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/30 17:11:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/27 11:43:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/03 01:16:51 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/01 20:11:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: barebackrt.com ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A021D8A-AF2B-469A-B2D8-9802FD98E903}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB9B7052-293A-49F5-93AA-75CE74E03C88}: DhcpNameServer = 192.168.14.1 66.233.172.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05EBFD2-58DF-40A1-948E-524DFB81A63A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/02/01 22:22:48 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2013/02/01 22:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/01 22:22:31 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/01 22:19:13 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dennis\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/01 22:08:50 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dennis\Desktop\tdsskiller.exe
[2013/02/01 20:15:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/01 20:15:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/01 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\temp
[2013/02/01 19:57:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/01 19:57:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/01 19:57:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/01 19:53:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/01 19:52:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/01 19:51:19 | 005,030,042 | R--- | C] (Swearware) -- C:\Users\Dennis\Desktop\ComboFix.exe
[2013/02/01 19:24:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Dennis\Desktop\aswMBR.exe
[2013/02/01 19:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\geeks to go
[2013/01/31 15:51:11 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\mri RIGHT KNEE
[2013/01/31 15:34:57 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\mri SHOULDER 12-26-12
[2013/01/30 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Apple
[2013/01/30 21:29:39 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Videos
[2013/01/30 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/30 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Macromedia
[2013/01/30 17:02:42 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CrashDumps
[2013/01/30 16:08:35 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\MRI
[2013/01/30 15:59:41 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\{00C520CA-D6D8-4028-AAB0-3458F43318C9}
[2013/01/30 14:23:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\misc documents
[2013/01/30 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Dennis Docs
[2013/01/29 15:27:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013/01/29 09:42:40 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Contacts
[2013/01/28 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\images n clipart 2013
[2013/01/23 07:32:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/01/23 02:44:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Zoom
[2013/01/13 11:31:39 | 000,275,320 | ---- | C] (DisplayLink Corp.) -- C:\Windows\System32\drivers\dlkmd.sys
[2013/01/13 11:31:39 | 000,015,224 | ---- | C] (DisplayLink Corp.) -- C:\Windows\System32\drivers\dlkmdldr.sys
[2013/01/13 11:22:53 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013/01/13 11:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/01/12 14:55:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/12 14:55:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/12 14:55:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/12 14:54:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/12 14:54:59 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/12 14:54:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/12 14:54:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/12 14:54:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/12 14:54:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/12 14:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/12 14:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/12 14:54:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/12 14:54:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/12 14:54:57 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/12 14:54:57 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/12 14:54:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 06:07:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 06:06:32 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 06:06:32 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 06:06:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 06:06:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 06:06:03 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 06:06:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/03 13:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ

========== Files - Modified Within 30 Days ==========

[2013/02/01 23:28:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/01 23:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/01 23:13:41 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 23:13:41 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 23:08:32 | 000,061,440 | ---- | M] ( ) -- C:\Users\Dennis\Desktop\VEW.exe
[2013/02/01 23:06:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 23:06:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 23:05:46 | 2787,397,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/01 23:02:45 | 004,009,167 | ---- | M] () -- C:\Users\Dennis\Desktop\ServicesRepair.exe
[2013/02/01 22:22:33 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/01 22:19:20 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dennis\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/01 22:08:58 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dennis\Desktop\tdsskiller.exe
[2013/02/01 20:11:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/01 19:51:27 | 005,030,042 | R--- | M] (Swearware) -- C:\Users\Dennis\Desktop\ComboFix.exe
[2013/02/01 19:25:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Dennis\Desktop\aswMBR.exe
[2013/02/01 19:22:27 | 000,003,045 | ---- | M] () -- C:\Users\Dennis\Desktop\iSpQ 9.lnk
[2013/02/01 19:02:26 | 000,580,235 | ---- | M] () -- C:\Users\Dennis\Desktop\adwcleaner.exe
[2013/02/01 18:49:40 | 000,018,383 | ---- | M] () -- C:\Users\Dennis\Desktop\601146_4040750751143_157371434_n.jpg
[2013/01/31 09:59:13 | 000,075,071 | ---- | M] () -- C:\Users\Dennis\Desktop\45515_10151373590792453_1037239881_n.jpg
[2013/01/30 16:35:01 | 000,747,184 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/30 16:35:01 | 000,711,240 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013/01/30 16:35:01 | 000,703,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/30 16:35:01 | 000,538,082 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2013/01/30 16:35:01 | 000,526,256 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2013/01/30 16:35:01 | 000,410,012 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013/01/30 16:35:01 | 000,164,594 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/30 16:35:01 | 000,157,258 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013/01/30 16:35:01 | 000,134,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/30 16:35:01 | 000,132,614 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013/01/30 16:35:01 | 000,118,022 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2013/01/30 16:35:01 | 000,108,710 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2013/01/29 15:27:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013/01/28 21:05:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/24 15:58:39 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013/01/12 14:38:59 | 000,298,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 14:28:17 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 14:28:17 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/02/01 23:08:31 | 000,061,440 | ---- | C] ( ) -- C:\Users\Dennis\Desktop\VEW.exe
[2013/02/01 23:02:38 | 004,009,167 | ---- | C] () -- C:\Users\Dennis\Desktop\ServicesRepair.exe
[2013/02/01 22:22:33 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/01 19:57:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/01 19:57:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/01 19:57:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/01 19:57:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/01 19:57:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/01 19:22:27 | 000,003,045 | ---- | C] () -- C:\Users\Dennis\Desktop\iSpQ 9.lnk
[2013/02/01 19:02:23 | 000,580,235 | ---- | C] () -- C:\Users\Dennis\Desktop\adwcleaner.exe
[2013/02/01 18:49:40 | 000,018,383 | ---- | C] () -- C:\Users\Dennis\Desktop\601146_4040750751143_157371434_n.jpg
[2013/01/31 09:59:13 | 000,075,071 | ---- | C] () -- C:\Users\Dennis\Desktop\45515_10151373590792453_1037239881_n.jpg
[2013/01/23 07:32:52 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/11/19 13:54:29 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/11/10 11:30:36 | 003,566,336 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012/11/10 11:30:36 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2012/11/04 13:38:34 | 000,002,395 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/07/25 11:58:13 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/04/19 02:01:16 | 141,504,021 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012/04/19 01:53:04 | 003,121,152 | ---- | C] () -- C:\Program Files\openofficeorg34.msi
[2012/04/19 01:53:04 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2012/04/15 13:28:05 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/15 13:28:05 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/15 13:28:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/13 20:18:38 | 000,124,052 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/07 05:19:27 | 000,007,605 | R--- | C] () -- C:\Users\Dennis\AppData\Local\resmon.resmoncfg
[2011/10/20 15:56:15 | 000,003,584 | R--- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 17:03:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/16 17:01:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/16 11:26:03 | 000,711,240 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2011/10/16 11:26:03 | 000,526,256 | ---- | C] () -- C:\Windows\System32\perfh00B.dat
[2011/10/16 11:26:03 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2011/10/16 11:26:03 | 000,279,790 | ---- | C] () -- C:\Windows\System32\perfi00B.dat
[2011/10/16 11:26:03 | 000,157,258 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2011/10/16 11:26:03 | 000,118,022 | ---- | C] () -- C:\Windows\System32\perfc00B.dat
[2011/10/16 11:26:03 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2011/10/16 11:26:03 | 000,038,258 | ---- | C] () -- C:\Windows\System32\perfd00B.dat
[2011/10/16 11:26:03 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2011/10/16 11:26:02 | 000,410,012 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2011/10/16 11:26:02 | 000,132,614 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2011/10/16 11:26:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2011/10/16 10:57:12 | 000,538,082 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2011/10/16 10:57:12 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2011/10/16 10:57:12 | 000,108,710 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2011/10/16 10:57:12 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2011/10/16 10:53:33 | 000,747,184 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/10/16 10:53:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/10/16 10:53:33 | 000,164,594 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/10/16 10:53:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/06/15 08:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/08/21 08:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< Log: 'System' Date/Time: 02/02/2013 4:07:42 AM >
Invalid Switch: 2013 4:07:42 AM

< Type: Error Category: 0 >

< Event: 10016 Source: Microsoft-Windows-DistributedCOM >

< The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. >

< >

< Log: 'System' Date/Time: 02/02/2013 4:07:22 AM >
Invalid Switch: 2013 4:07:22 AM

< Type: Error Category: 0 >

< Event: 10016 Source: Microsoft-Windows-DistributedCOM >

< The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. >

< >

< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >

< 'System' Log - Warning Type >

< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >

< Log: 'System' Date/Time: 02/02/2013 4:06:31 AM >
Invalid Switch: 2013 4:06:31 AM

< Type: Warning Category: 212 >

< Event: 219 Source: Microsoft-Windows-Kernel-PnP >

< The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#. >

< >

< Log: 'System' Date/Time: 02/02/2013 4:05:02 AM >
Invalid Switch: 2013 4:05:02 AM

< Type: Warning Category: 0 >

< Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig >

< WLAN AutoConfig service has successfully stopped. >

< End of report >

OTL 2

FSS

Farbar Service Scanner Version: 30-01-2013
Ran by Dennis (administrator) on 01-02-2013 at 23:42:29
Running from "C:\Users\Dennis\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll
[2012-12-15 13:46] - [2012-08-21 08:35] - 0163840 ____A (Microsoft Corporation) 320B13F43726EB73B2D7AE8869AFAACE

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Proces explorer

∩╗┐Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 76.15 0 K 24 K
procexp.exe 4920 12.61 27,136 K 46,916 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
DisplayLinkManager.exe 1264 5.23 26,400 K 32,128 K DisplayLinkManager Application DisplayLink Corp. (Verified) DISPLAYLINK
dwm.exe 3544 2.52 69,316 K 39,228 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 1.67 0 K 0 K Hardware Interrupts and DPCs
System 4 0.72 52 K 1,576 K
csrss.exe 500 0.35 1,912 K 12,500 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 3576 0.23 38,864 K 59,848 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ccsvchst.exe 672 0.17 22,356 K 15,004 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
DisplayLinkUI.exe 3764 0.05 1,712 K 5,660 K DisplayLinkUI Sys-Tray Application DisplayLink Corp. (Verified) DISPLAYLINK
AppleMobileDeviceService.exe 1936 0.04 2,316 K 8,104 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
lsm.exe 628 0.03 1,288 K 3,136 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2788 0.02 42,736 K 38,104 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 996 0.02 18,404 K 30,032 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1192 0.02 8,124 K 13,616 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ccsvchst.exe 3628 0.02 13,460 K 10,240 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
spoolsv.exe 1644 0.02 5,640 K 10,624 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 620 0.02 4,184 K 10,216 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 296 0.02 6,104 K 11,968 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1452 0.01 12,040 K 11,660 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4016 0.01 4,792 K 6,184 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 908 0.01 17,932 K 17,776 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 968 0.01 61,284 K 68,744 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 2932 0.01 2,336 K 6,460 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe 1832 0.01 7,460 K 6,964 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2100 < 0.01 4,768 K 11,196 K Microsoft┬« Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
csrss.exe 424 < 0.01 1,416 K 3,740 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1680 < 0.01 9,664 K 12,464 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 3024 1,404 K 4,984 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3636 1,864 K 4,880 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2188 640 K 2,388 K Microsoft┬« Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 544 1,808 K 5,032 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 508 992 K 3,548 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VSSVC.exe 2800 1,404 K 4,972 K Microsoft┬« Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
UMVPFSrv.exe 1032 988 K 3,384 K Logitech User mode UMVPF service Logitech Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
taskhost.exe 3552 6,824 K 6,548 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1180 508 K 1,996 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 748 3,476 K 7,180 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1992 1,028 K 3,696 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 824 3,024 K 6,160 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1156 1,644 K 4,220 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1304 4,312 K 7,336 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1888 3,240 K 6,876 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4228 3,152 K 8,048 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4520 924 K 3,308 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5920 2,172 K 6,244 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2716 1,920 K 4,832 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 332 272 K 832 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 604 4,928 K 7,972 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
PresentationFontCache.exe 372 14,264 K 13,848 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 3360 1,124 K 5,024 K Notepad Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1972 1,568 K 4,604 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamservice.exe 2092 110,824 K 3,124 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 4072 1,820 K 5,056 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
DisplayLinkUserAgent.exe 1508 32,144 K 16,336 K DisplayLinkUserAgent Application DisplayLink Corp. (Verified) DISPLAYLINK
chrome.exe 3468 6,744 K 13,432 K Google Chrome Google Inc. (Verified) Google Inc
BelkinService.exe 1864 1,736 K 6,324 K BelkinService Affinegy, Inc. (Verified) Affinegy
armsvc.exe 1840 816 K 2,988 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

#4
bleeka

Posted 01 February 2013 - 11:56 PM

New Member

Topic Starter
Member
7 posts

sorry ron I forgot the extra report from OTL

■O#T#L# #E#x#t#r#a#s# #l#o#g#f#i#l#e# #c#r#e#a#t#e#d# #o#n#:# #2#/#2#/#2#0#1#3# #1#2#:#1#3#:#2#8# #A#M# #-# #R#u#n# #3# #[#@# #=# #J#S#F#i#l#e#]# #-#-# #C#:#\#W#i#n#d#o#w#s#\#S#y#s#t#e#m#3#2#\#W#S#c#r#i#p#t#.#e#x#e# #(#M#i#c#r#o#s#o#f#t# #C#o#r#p#o#r#a#t#i#o#n#)#%#\#s#y#s#t#e#m#3#2#\#m#s#h#t#m#l#.#d#l#l#,#P#r#i#n#t#H#T#M#L# #"#%#1#"# #(#M#i#c#r#o#s#o#f#t# #C#o#r#p#o#r#a#t#i#o#n#)#
#"#%#1#"# #(#M#i#c#r#o#s#o#f#t# #C#o#r#p#o#r#a#t#i#o#n#)#)#t#y#p#e# #-#-# #F#i#l#e# #n#o#t# #f#o#u#n#d#
i#c#a#t#i#o#n#s#\#L#i#s#t#]#t#e#r#s#\#F#i#r#e#w#a#l#l#P#o#l#i#c#y#\#F#i#r#e#w#a#l#l#R#u#l#e#s#]#-#4#E#D#1#-#A#8#F#1#-#6#F#0#7#9#F#1#3#0#E#0#5#}#"# #=# #l#p#o#r#t#=#1#9#0#0# #|# #p#r#o#t#o#c#o#l#=#1#7# #|# #d#i#r#=#i#n# #|# #s#v#c#=#s#s#d#p#s#r#v# #|# #a#p#p#=#%#s#y#s#t#e#m#r#o#o#t#%#\#s#y#s#t#e#m#3#2#\#s#v#c#h#o#s#t#.#e#x#e# #|# #
#"#{#8#F#6#D#0#3#7#9#-#A#1#B#D#-#4#3#3#D#-#B#A#9#A#-#1#1#9#B#E#9#F#F#6#1#A#9#}#"# #=# #l#p#o#r#t#=#5#3#5#5# #|# #p#r#o#t#o#c#o#l#=#1#7# #|# #d#i#r#=#i#n# #|# #s#v#c#=#d#n#s#c#a#c#h#e# #|# #a#p#p#=#%#s#y#s#t#e#m#r#o#o#t#%#\#s#y#s#t#e#m#3#2#\#s#v#c#h#o#s#t#.#e#x#e# #|# #
#|# #p#r#o#t#o#c#o#l#=#1#7# #|# #d#i#r#=#i#n# #|# #s#v#c#=#s#h#a#r#e#d#a#c#c#e#s#s# #|# #a#p#p#=#%#s#y#s#t#e#m#r#o#o#t#%#\#s#y#s#t#e#m#3#2#\#s#v#c#h#o#s#t#.#e#x#e# #|# #L#O#C#A#L#_#M#A#C#H#I#N#E#\#S#Y#S#T#E#M#\#C#u#r#r#e#n#t#C#o#n#t#r#o#l#S#e#t#\#S#e#r#v#i#c#e#s#\#S#h#a#r#e#d#A#c#c#e#s#s#\#P#a#r#a#m#e#t#e#r#s#\#F#i#r#e#w#a#l#l#P#o#l#i#c#y#\#F#i#r#e#w#a#l#l#R#u#l#e#s#]#1#3#B#7#B#8#}#"# #=# #p#r#o#t#o#c#o#l#=#1# #|# #d#i#r#=#i#n# #|# #n#a#m#e#=#@#f#i#r#e#w#a#l#l#a#p#i#.#d#l#l#,#-#2#8#5#4#3# #|# #
#|# #4#-#4#4#1#1#-#8#0#E#C#-#A#5#C#F#6#0#2#1#F#C#2#4#}#"# #=# #p#r#o#t#o#c#o#l#=#6# #|# #d#i#r#=#i#n# #|# #a#p#p#=#c#:#\#p#r#o#g#r#a#m# #f#i#l#e#s#\#b#e#l#k#i#n#\#r#o#u#t#e#r# #s#e#t#u#p# #a#n#d# #m#o#n#i#t#o#r#\#b#e#l#k#i#n#s#e#t#u#p#.#e#x#e# #|# #v#o#o#\#o#o#v#o#o#.#e#x#e#"# #=# #p#r#o#t#o#c#o#l#=#1#7# #|# #d#i#r#=#i#n# #|# #a#p#p#=#c#:#\#p#r#o#g#r#a#m# #f#i#l#e#s#\#o#o#v#o#o#\#o#o#v#o#o#.#e#x#e# #|# #-#B#6#5#6#C#3#1#8#B#7#7#B#}#"# #=# #D#i#s#p#l#a#y#L#i#n#k# #C#o#r#e# #S#o#f#t#w#a#r#e#
#=# #A#p#p#l#e# #S#o#f#t#w#a#r#e# #U#p#d#a#t#e#{#C#C#E#8#2#5#D#B#-#3#4#7#A#-#4#0#0#4#-#A#1#8#6#-#5#F#4#A#6#F#D#D#8#5#4#7#}#"# #=# #A#p#p#l#e# #A#p#p#l#i#c#a#t#i#o#n# #S#u#p#p#o#r#t#w#s# #L#i#v#e# #E#s#s#e#n#t#i#a#l#s#
#i#o#n# #=# #5#:#3#0#:#4#1# #P#M# #-# #E#r#r#o#r# #c#o#n#n#e#c#t#i#n#g# #t#o# #t#h#e# #i#n#t#e#r#n#e#t#.# # #5#:#3#0#:#4#1# #P#M# #-# # # # # #U#n#a#b#l#e#

#5
RKinner

Posted 02 February 2013 - 12:12 AM

Malware Expert

Expert
24,624 posts

TDSSKiller looks like you might have tried to post the program instead of the log. Please try again. Perhaps it would work better if you just attach it.

The final OTL scan failed because you didn't copy and paste the right stuff. (Instead you got the VEW logs pasted into OTL.) Could you also Attach the Extras log. I don't know what you opened it in but I can't read it.

What kind of PC is this?

Do you know what this Firefox Add-on is?
FF - prefs.js..extensions.enabledAddons: vlvwyntfql%40vlvwyntfql.org:1.0

If not, I would go into Firefox, click on the firefox in the upper left then on Add-Ons. Then on Extensions. If you see it vlvwyntfql%40vlvwyntfql or maybe it just says vlvwyntfql click on Disable.

I'm not seeing anything bad otherwise tho I still need TDSSKiller and the final OTL to make sure. You can try an ESET scan and see if it finds anything:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

#6
bleeka

Posted 02 February 2013 - 05:10 AM

New Member

Topic Starter
Member
7 posts

Here is the PC info, TDSSKiller, 2 OTL's, ESET LOG, Bitdefender & Process EXP LOG
It took me all night but I think I finally got it

Dennis
-
PC INFO

Processor Intel® Core™2 Duo CPU P8700 @ 2.53GHz 6.1 3.4
Memory (RAM) 4.00 GB
Graphics Mobile Intel® 4 Series Express Chipset Family
Gaming graphics 1580 MB Total available graphics memory
Primary hard disk 75GB Free (233GB Total)
Windows 7 Ultimate

System
--------------------------------------------------------------------------------
Manufacturer Dell Inc.
Model Inspiron 1545
Total amount of system memory 4.00 GB RAM
System type 32-bit operating system
Number of processor cores 2
64-bit capable Yes

Storage
--------------------------------------------------------------------------------
Total size of hard disk(s) 512 GB
Disk partition (C:) 75 GB Free (233 GB Total)
Media drive (D:) CD/DVD
Disk partition (E:) 41 GB Free (279 GB Total)

Graphics
--------------------------------------------------------------------------------
Display adapter type Mobile Intel® 4 Series Express Chipset Family
Total available graphics memory 1580 MB
Dedicated graphics memory 64 MB
Dedicated system memory 0 MB
Shared system memory 1516 MB
Display adapter driver version 8.15.10.2555
Primary monitor resolution 1280x1024
DirectX version DirectX 10

Network
--------------------------------------------------------------------------------
Network Adapter Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Network Adapter Microsoft Virtual WiFi Miniport Adapter
Network Adapter Dell Wireless 1515 Wireless-N Adapter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=8eb5d862ada36049bbe9fd14f2e60b77
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-02 10:09:10
# local_time=2013-02-02 05:09:10 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 83 98 1694015 110375846 0 0
# compatibility_mode=5893 16776574 100 94 20248456 111344541 0 0
# scanned=292080
# found=0
# cleaned=0
# scan_time=8703

OTL logfile created on: 2/2/2013 5:36:28 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop\geeks software downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 50.17% Memory free
6.92 Gb Paging File | 4.94 Gb Available in Paging File | 71.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 75.30 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 41.47 Gb Free Space | 14.84% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 15:27:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\geeks software downloads\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/30 16:08:58 | 001,149,400 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
PRC - [2012/05/10 14:09:44 | 013,805,568 | ---- | M] (Google Inc.) -- C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 00:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/01 23:56:23 | 012,459,888 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/05/10 13:58:32 | 000,344,064 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/05/10 13:58:22 | 000,346,624 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/05/10 13:57:28 | 000,198,656 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/05/10 13:57:16 | 000,364,032 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libid3tag.dll

========== Services (SafeList) ==========

SRV - [2013/01/30 17:11:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 14:28:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/06 09:50:24 | 000,248,248 | R--- | M] (Western Digital) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/14 14:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/10/16 08:41:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/08 09:45:10 | 001,034,752 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 09:44:50 | 000,484,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 09:41:36 | 000,237,056 | ---- | M] (WDC) [On_Demand | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zghsmdm.sys -- (zghsmdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/01/16 00:16:20 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130201.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 00:16:20 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130201.033\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 21:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/12 08:09:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/12/12 08:09:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/12/11 16:46:50 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/30 21:18:28 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys -- (DisplayLinkUsbPort)
DRV - [2012/07/30 16:09:13 | 000,275,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2012/07/30 16:09:13 | 000,015,224 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2012/07/05 21:17:58 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 21:17:58 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/06 23:43:44 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/06/02 04:31:16 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/21 20:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA)
DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/01/18 06:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2012/01/11 01:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/11/23 21:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/11/16 22:38:00 | 000,318,584 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symnets.sys -- (SymNetS)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON)
DRV - [2011/10/17 15:07:48 | 003,566,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/12/13 13:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/24 00:47:48 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 18:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb80236.sys -- (usbrndis6)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...id=cgps06022012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4BD8DEFA-B561-4151-88D4-42E0CA13938B}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.igoogle.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@zoom.us/ZoomVideoPlugin: C:\Users\Dennis\AppData\Roaming\Zoom\bin\npzoomplugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/12/12 10:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/02/01 23:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/30 17:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/30 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2013/02/02 04:05:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions
[2013/01/15 00:40:31 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\cwnzkdah.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/01/30 17:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/30 17:11:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/27 11:43:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/03 01:16:51 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/01 20:11:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: barebackrt.com ([www] * in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A021D8A-AF2B-469A-B2D8-9802FD98E903}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB9B7052-293A-49F5-93AA-75CE74E03C88}: DhcpNameServer = 192.168.14.1 66.233.172.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B840834D-61A4-4CC8-A2B7-3EAD552D85DB}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05EBFD2-58DF-40A1-948E-524DFB81A63A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (Western Digital Technologies, Inc.)
MsConfig - StartUpFolder: C:^Users^Dennis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MP495 series Printer.lnk - - File not found
MsConfig - StartUpReg: 73CA050ACBC0493DD48ED4A275029F28550F7E8E._service_run - hkey= - key= - C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: InstaLAN - hkey= - key= - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
ActiveX: >{05a8b730-c37c-4238-b746-135952927472} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/02 04:24:54 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\QuickScan
[2013/02/02 04:24:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Program Files
[2013/02/02 02:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/02 02:31:54 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Dennis\Desktop\esetsmartinstaller_enu.exe
[2013/02/02 00:57:43 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\geeks software downloads
[2013/02/01 22:22:48 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2013/02/01 22:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/01 22:22:31 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/01 20:15:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/01 20:15:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/01 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\temp
[2013/02/01 19:57:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/01 19:57:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/01 19:57:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/01 19:53:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/01 19:52:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/01 19:20:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\geeks to go
[2013/01/30 22:02:01 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Apple
[2013/01/30 21:29:39 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Videos
[2013/01/30 17:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/30 17:03:27 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Macromedia
[2013/01/30 17:02:42 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CrashDumps
[2013/01/30 15:59:41 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\{00C520CA-D6D8-4028-AAB0-3458F43318C9}
[2013/01/30 14:23:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\misc documents
[2013/01/30 14:21:37 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Dennis Docs
[2013/01/29 09:42:40 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Contacts
[2013/01/28 21:15:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\images n clipart 2013
[2013/01/23 07:32:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/01/23 02:44:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Zoom
[2013/01/13 11:31:39 | 000,275,320 | ---- | C] (DisplayLink Corp.) -- C:\Windows\System32\drivers\dlkmd.sys
[2013/01/13 11:31:39 | 000,015,224 | ---- | C] (DisplayLink Corp.) -- C:\Windows\System32\drivers\dlkmdldr.sys
[2013/01/13 11:22:53 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013/01/13 11:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/01/12 14:55:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/12 14:55:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/12 14:55:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/12 14:54:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/12 14:54:59 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/12 14:54:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/12 14:54:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/12 14:54:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/12 14:54:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/12 14:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/12 14:54:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/12 14:54:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/12 14:54:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/12 14:54:57 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/12 14:54:57 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/12 14:54:57 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 06:07:16 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 06:06:32 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 06:06:32 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 06:06:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 06:06:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 06:06:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 06:06:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 06:06:03 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 06:06:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/03 13:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ

========== Files - Modified Within 30 Days ==========

[2013/02/02 05:28:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 05:28:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/02 03:38:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 03:38:07 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 02:32:21 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Dennis\Desktop\esetsmartinstaller_enu.exe
[2013/02/01 23:06:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 23:06:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 23:05:46 | 2787,397,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/01 20:11:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/01 19:22:27 | 000,003,045 | ---- | M] () -- C:\Users\Dennis\Desktop\iSpQ 9.lnk
[2013/02/01 18:49:40 | 000,018,383 | ---- | M] () -- C:\Users\Dennis\Desktop\601146_4040750751143_157371434_n.jpg
[2013/01/30 16:35:01 | 000,747,184 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/30 16:35:01 | 000,711,240 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013/01/30 16:35:01 | 000,703,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/30 16:35:01 | 000,538,082 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2013/01/30 16:35:01 | 000,526,256 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2013/01/30 16:35:01 | 000,410,012 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013/01/30 16:35:01 | 000,164,594 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/30 16:35:01 | 000,157,258 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013/01/30 16:35:01 | 000,134,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/30 16:35:01 | 000,132,614 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013/01/30 16:35:01 | 000,118,022 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2013/01/30 16:35:01 | 000,108,710 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2013/01/28 21:05:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/24 15:58:39 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013/01/12 14:38:59 | 000,298,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 14:28:17 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 14:28:17 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/02/01 19:57:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/01 19:57:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/01 19:57:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/01 19:57:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/01 19:57:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/01 19:22:27 | 000,003,045 | ---- | C] () -- C:\Users\Dennis\Desktop\iSpQ 9.lnk
[2013/02/01 18:49:40 | 000,018,383 | ---- | C] () -- C:\Users\Dennis\Desktop\601146_4040750751143_157371434_n.jpg
[2013/01/23 07:32:52 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/11/19 13:54:29 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/11/10 11:30:36 | 003,566,336 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2012/11/10 11:30:36 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2012/11/04 13:38:34 | 000,002,395 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/07/25 11:58:13 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/04/19 02:01:16 | 141,504,021 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2012/04/19 01:53:04 | 003,121,152 | ---- | C] () -- C:\Program Files\openofficeorg34.msi
[2012/04/19 01:53:04 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2012/04/15 13:28:05 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/15 13:28:05 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/04/15 13:28:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/04/13 20:18:38 | 000,124,052 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012/01/07 05:19:27 | 000,007,605 | R--- | C] () -- C:\Users\Dennis\AppData\Local\resmon.resmoncfg
[2011/10/20 15:56:15 | 000,003,584 | R--- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/16 17:03:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/16 17:01:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/16 11:26:03 | 000,711,240 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2011/10/16 11:26:03 | 000,526,256 | ---- | C] () -- C:\Windows\System32\perfh00B.dat
[2011/10/16 11:26:03 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2011/10/16 11:26:03 | 000,279,790 | ---- | C] () -- C:\Windows\System32\perfi00B.dat
[2011/10/16 11:26:03 | 000,157,258 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2011/10/16 11:26:03 | 000,118,022 | ---- | C] () -- C:\Windows\System32\perfc00B.dat
[2011/10/16 11:26:03 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2011/10/16 11:26:03 | 000,038,258 | ---- | C] () -- C:\Windows\System32\perfd00B.dat
[2011/10/16 11:26:03 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2011/10/16 11:26:02 | 000,410,012 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2011/10/16 11:26:02 | 000,132,614 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2011/10/16 11:26:02 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2011/10/16 10:57:12 | 000,538,082 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2011/10/16 10:57:12 | 000,298,300 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2011/10/16 10:57:12 | 000,108,710 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2011/10/16 10:57:12 | 000,036,156 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2011/10/16 10:53:33 | 000,747,184 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/10/16 10:53:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/10/16 10:53:33 | 000,164,594 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/10/16 10:53:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/06/15 08:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/08/21 08:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9250315AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Maxtor OneTouch III USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 105906176
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 279.00GB
Starting Offset: 32256
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/01/28 21:16:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2013/01/28 21:14:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2012/12/12 13:49:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus
[2012/12/26 08:15:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Canon
[2012/11/14 09:13:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech
[2012/11/02 12:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2013/02/01 22:22:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2012/11/02 12:46:40 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2013/01/30 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2013/01/29 00:15:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ooVoo Details
[2012/11/02 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2013/02/02 05:24:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\QuickScan
[2013/01/28 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Real
[2013/01/31 16:48:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Skype
[2012/11/02 12:46:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinAVI
[2012/04/01 19:39:30 | 000,000,000 | RHSD | M] -- C:\Users\Dennis\AppData\Roaming\windwos
[2013/01/23 07:47:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Zoom

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll
[2012/10/03 11:29:27 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=11B8C7970C10650827D060AA81BEE63F -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.22124_none_6a0c0c4b82524209\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\System32\nlaapi.dll
[2012/10/03 11:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=50E0DD0A5B8D8BC353578F2F73926697 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17964_none_695757ae6954dec1\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/30 17:11:46 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/30 17:11:46 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/30 17:11:46 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/01/30 17:11:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/01/30 17:11:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/30 17:11:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/16 09:00:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/16 09:00:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/16 09:00:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/16 11:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/11/16 11:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/30 17:11:46 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/30 17:11:46 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/30 17:11:46 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/01/30 17:11:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/01/30 17:11:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/30 17:11:47 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/16 09:00:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/16 09:00:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/16 09:00:13 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/16 11:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/11/16 11:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

OTL Extras logfile created on: 2/2/2013 5:36:28 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop\geeks software downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 50.17% Memory free
6.92 Gb Paging File | 4.94 Gb Available in Paging File | 71.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 75.30 Gb Free Space | 32.35% Space Free | Partition Type: NTFS
Drive E: | 279.46 Gb Total Space | 41.47 Gb Free Space | 14.84% Space Free | Partition Type: NTFS

Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B544749-F9BF-4EDC-B7B8-37F703AEC476}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D557243-35FD-42A3-95DB-37947E0C6F06}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{0E0F6BE3-5A8B-4CE8-89D1-04074F6B7797}" = lport=2869 | protocol=6 | dir=in | app=system |
"{113283D0-1592-4741-94DC-B1FD751ACB4F}" = rport=445 | protocol=6 | dir=out | app=system |
"{12324F0B-2197-4CA6-97A4-EDEDEB3E19D0}" = rport=137 | protocol=17 | dir=out | app=system |
"{13D92BCA-D91F-4A8A-9C92-F3EC5E4569D8}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{167C8C42-EF91-4D27-A448-3D1A392DA5DB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1BE2E82A-C613-404F-8F78-9382B4965C36}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1CA3D2F3-C12D-45C9-A58B-5CD1C0216E47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1EDEF0FB-5326-49AA-94E3-1C8106312E3F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20235BB7-98BE-4B5E-A4CC-A290BC077986}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{256ABD65-0079-40CD-8633-01D4EFF37689}" = lport=137 | protocol=17 | dir=in | app=system |
"{270841F1-F31C-497E-9A24-CEBF74634504}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DD53928-5B70-412C-ACA4-E043B79E4A10}" = rport=1701 | protocol=17 | dir=out | app=system |
"{2F064506-1926-41A2-8E97-20F81D0B7996}" = lport=138 | protocol=17 | dir=in | app=system |
"{3319B1C3-12B4-4A88-8953-DD529E0DFAC5}" = lport=1723 | protocol=6 | dir=in | app=system |
"{3D304E47-6BE8-472B-816B-E41D882C14BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44E4CF49-99A0-400C-9BF1-DAEB19529D04}" = rport=1723 | protocol=6 | dir=out | app=system |
"{486FA40D-89ED-4ED1-A8F1-6F079F130E05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C949B36-A407-4D2A-80BA-2FBC929007D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5371C9BD-11C3-442E-86DF-7F70769AC62A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5C4B3280-3F10-40FB-BBEE-D2F3A18EDCBE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5E07643D-7C64-4601-9E17-C7E6C1B32104}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{62871721-EC28-4EE6-91E9-14360BA19536}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65F202C2-A107-4C10-BE07-890B514C1E2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{668B291B-DF19-48A5-A402-481B89A959FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E589CDA-8A27-4774-AC7F-B6777C7F7024}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71E18879-93F1-4750-BC34-0601FCC6AE74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{755C5DA7-7DCA-478D-9B83-6BAE91D3D17D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75BE3F46-F517-457F-BE92-1ED0634DCF92}" = rport=139 | protocol=6 | dir=out | app=system |
"{8A354ABF-11DE-4F62-89F2-1878B73E879C}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{8ED3C580-F578-4C00-8197-70D300808C64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F2274C0-1D19-4A07-A31F-1363243DD680}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{8F36CB29-0EB4-4E1F-A644-5731229DD86D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8F6D0379-A1BD-433D-BA9A-119BE9FF61A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{936A38DE-D92C-4DEB-BF6B-0C4B018005E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{97C8A39B-1220-4982-BB03-AA6E43299B40}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9E8129B1-ED1C-44CF-8B73-90AD78D808D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A675D7EA-9BA1-4719-8E96-D30EA6C7D8B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{B49822B9-B0EB-4B09-AA37-A2367C598DBE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{B9233FBD-036D-40EB-891A-915B262EE4D3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D0CEB7C3-4AAD-4DFB-A5FF-7BB1F08E852F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D6207B2E-D14B-4350-B939-70E9CF727B56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D96711DA-3767-4AD0-AFD2-DE8FD6743F2D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DB3AFD12-2EA4-42ED-8CF3-5B93DAAC4B34}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{E0090EEB-E65E-4631-BCAB-B4985BF195BC}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{E63AEE1C-DFD3-4767-9BBB-187DC124EA06}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E65CA128-C287-4AE0-994A-40EE2AE45F43}" = lport=1701 | protocol=17 | dir=in | app=system |
"{E7DF33D3-F031-46EB-BFB1-661023EBF57A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB205D50-D8B5-4D8D-A345-CC834B5CF223}" = rport=138 | protocol=17 | dir=out | app=system |
"{F74E37F6-2261-4A6F-BD54-748BF34E9CC4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04596F61-D6C3-44CE-B71A-113FCE83285E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{054AAB61-13C1-4E9C-A712-E8B64994006E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B7C6CB6-9015-45E7-8076-A235504FDEA9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0CAC98BB-C1A1-41B8-9B77-10F79826EBAE}" = protocol=1 | dir=out | [email protected],-28544 |
"{11AF22DA-8005-4B85-8D0F-5FF499C1B308}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{13C5DD52-0925-4036-89C3-A1907191A25D}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{15B59065-D8D6-4F41-A819-CC3D6F05C592}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B049509-6BD0-419C-BBEB-42A212101FFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23EC9EBF-68F0-49C8-B779-4C6D7BFB6C4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37416584-47EB-46E0-A967-23A9F802299D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D72C7DD-E64D-463B-ACC1-E20CBBC617C3}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{3FD8B878-0C0F-4404-827C-CE0A7ECFBA4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4DC1A4E1-E8E3-42AF-B2C7-A72332F2B0D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53F47FB9-62D5-4153-A92A-ACBB1E3A8C8D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5755488C-2826-40CD-9799-91BC99A0FA9B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{58B02E59-8B5A-46E8-8CF3-04D7E5431BB3}" = protocol=47 | dir=in | app=system |
"{627EE7F9-90C0-4C58-A0F9-21E93113B7B8}" = protocol=1 | dir=in | [email protected],-28543 |
"{717AB3D4-0F87-4CDD-9352-3A7015165933}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7402B2B6-C863-435D-8B48-D9E57B3E7F2E}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7B4CDFCC-0EFF-4444-9EFE-680E3574737D}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{7BB64802-9CC0-4010-8B05-D48CB49037A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D5A7CB6-17A4-4429-BF6B-B302DE3D605D}" = protocol=58 | dir=in | [email protected],-148 |
"{83087619-07CA-4BF8-8D59-F8364A1D9630}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E7699CF-6C06-4A67-B489-58D3A82463AD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93367D10-21B6-476E-B3B9-263DA7C97E2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{956A7485-A2D4-4AC3-AEE9-2060784F6E5F}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9AF9792E-C81B-4866-A221-40643425945E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A075E30F-B14F-4884-AF5B-0EDB86233613}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{A10BFAF5-2C9F-4F06-AAC7-83367E468426}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A501BE20-1A5A-42DD-9B3F-FF2F2321834A}" = protocol=47 | dir=out | app=system |
"{AF6E8965-89EE-4FCB-938B-D6AB958E33EA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF3003B0-72DF-4FCB-9165-5990C4C99029}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7CDC134-AA05-4D15-AD56-6CE1923A41BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4F44FF8-2774-4411-80EC-A5CF6021FC24}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{D818B165-157A-4BC1-BE16-BC911CCCD4B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8F1CBCA-D66C-44FE-82F3-557B2DD5BEFE}" = protocol=6 | dir=out | app=system |
"{DC0CF847-F76D-43B7-B48E-BAF8DDB54429}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF418189-0897-441C-99B9-494C271D14A5}" = protocol=58 | dir=in | [email protected],-28545 |
"{E3A6C2F1-C778-4FA9-ABDA-646FB57E58F6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E3C8BE1F-61C1-423F-A6EB-AF490342DCCB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F2D9639F-3D8D-4602-AB3D-F4ABFB0F479B}" = protocol=58 | dir=out | [email protected],-28546 |
"{F6C21ED2-811D-4F28-B30E-50DB6F8867B4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FCFFA041-189C-4570-B002-68AA2382952B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{ABD1743C-D24C-4929-A270-28D751C27388}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{CB5AE9C1-62B4-4DF7-B975-667E49037A0A}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{F15838DB-5CB1-48C5-9278-522349DC7703}C:\program files\ispq videochat 9\ispqvideochat9.exe" = protocol=6 | dir=in | app=c:\program files\ispq videochat 9\ispqvideochat9.exe |
"UDP Query User{10CC7145-E076-4FBD-8CAF-8264A1601070}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{9585F695-A8A8-4062-89B3-8EE46003F426}C:\program files\ispq videochat 9\ispqvideochat9.exe" = protocol=17 | dir=in | app=c:\program files\ispq videochat 9\ispqvideochat9.exe |
"UDP Query User{E80B216F-5F00-4B73-8752-C2FB6878EF60}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{041F704B-2224-4C53-8D9A-00CCB9C6E0AD}" = DisplayLink Graphics
"{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1" = Remove Empty Directories version 2.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BDD3B5A-454C-448F-991C-B656C318B77B}" = DisplayLink Core Software
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A03E40E6-5395-46FC-A128-6997FC9D7080}" = iSpQ VideoChat 9
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360" = Norton Security Suite
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/2/2013 2:12:19 AM | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = The program photoshop.exe version 7.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1130 Start
Time: 01ce010c308f1f0c Termination Time: 842 Application Path: C:\Program Files\Adobe\Photoshop
7.0\photoshop.exe Report Id: 772ff715-6cff-11e2-9dae-0025645c349a

[ Media Center Events ]
Error - 7/30/2012 4:46:49 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:46:48 PM - Error connecting to the internet. 4:46:48 PM - Unable
to contact server..

Error - 7/30/2012 4:47:03 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:46:54 PM - Error connecting to the internet. 4:46:54 PM - Unable
to contact server..

Error - 7/31/2012 6:16:25 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 6:16:25 PM - Error connecting to the internet. 6:16:25 PM - Unable
to contact server..

Error - 7/31/2012 6:16:47 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 6:16:30 PM - Error connecting to the internet. 6:16:30 PM - Unable
to contact server..

Error - 12/9/2012 4:27:50 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 3:27:50 PM - Error connecting to the internet. 3:27:50 PM - Unable
to contact server..

Error - 12/9/2012 4:28:24 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 3:28:19 PM - Error connecting to the internet. 3:28:19 PM - Unable
to contact server..

Error - 12/9/2012 5:29:13 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:29:13 PM - Error connecting to the internet. 4:29:13 PM - Unable
to contact server..

Error - 12/9/2012 5:29:42 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 4:29:42 PM - Error connecting to the internet. 4:29:42 PM - Unable
to contact server..

Error - 12/9/2012 6:30:41 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 5:30:41 PM - Error connecting to the internet. 5:30:41 PM - Unable
to contact server..

Error - 12/9/2012 6:31:15 PM | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 5:31:10 PM - Error connecting to the internet. 5:31:10 PM - Unable
to contact server..

[ System Events ]
Error - 2/2/2013 12:07:22 AM | Computer Name = Dennis-PC | Source = DCOM | ID = 10016
Description =

Error - 2/2/2013 12:07:42 AM | Computer Name = Dennis-PC | Source = DCOM | ID = 10016
Description =

Error - 2/2/2013 2:52:11 AM | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7034
Description = The AffinegyService service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/2/2013 6:38:43 AM | Computer Name = Dennis-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

< End of report >

∩╗┐
QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Sat Feb 02 05:19:03 2013
Machine ID: EECC92C8

No infection found.
-------------------

Processes
---------
Microsoft┬« Windows┬« Operating System 1804 C:\Windows\System32\taskeng.exe
Microsoft┬« Windows┬« Operating System 3476 C:\Windows\System32\wbem\WmiPrvSE.exe
OpenOffice.org 3.4.1 5128 C:\Program Files\OpenOffice.org 3\program\soffice.bin
OpenOffice.org 3.4.1 1908 C:\Program Files\OpenOffice.org 3\program\soffice.exe
OpenOffice.org Writer 3364 C:\Program Files\OpenOffice.org 3\program\swriter.exe
(unsigned) Music Manager 4532 C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

(verified) Adobe Acrobat Update Service 1840 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(verified) Bonjour 1972 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) DisplayLink Core Software v6.3.40660.0 1264 C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(verified) DisplayLink Core Software v6.3.40660.0 5176 C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(verified) Google Chrome 5608 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 5436 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3176 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4992 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4900 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4032 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3664 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 984 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3504 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 1228 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3468 C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Logitech Webcam Software 1032 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(verified) Malwarebytes Anti-Malware 2932 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Malwarebytes Anti-Malware 4072 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(verified) Malwarebytes Anti-Malware 2092 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft┬« .NET Framework 372 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(verified) Microsoft┬« CoReXT 2100 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(verified) Microsoft┬« CoReXT 2188 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(verified) Microsoft┬« Windows┬« Operating System 4016 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft┬« Windows┬« Operating System 3576 C:\Windows\explorer.exe
(verified) Microsoft┬« Windows┬« Operating System 500 C:\Windows\System32\csrss.exe
(verified) Microsoft┬« Windows┬« Operating System 424 C:\Windows\System32\csrss.exe
(verified) Microsoft┬« Windows┬« Operating System 3544 C:\Windows\System32\dwm.exe
(verified) Microsoft┬« Windows┬« Operating System 620 C:\Windows\System32\lsass.exe
(verified) Microsoft┬« Windows┬« Operating System 628 C:\Windows\System32\lsm.exe
(verified) Microsoft┬« Windows┬« Operating System 604 C:\Windows\System32\services.exe
(verified) Microsoft┬« Windows┬« Operating System 332 C:\Windows\System32\smss.exe
(verified) Microsoft┬« Windows┬« Operating System 1644 C:\Windows\System32\spoolsv.exe
(verified) Microsoft┬« Windows┬« Operating System 296 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1888 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1832 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 2716 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 824 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1992 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 908 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1452 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1304 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1192 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1180 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1156 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 996 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 968 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 4228 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 4520 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 748 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 1680 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 5920 C:\Windows\System32\svchost.exe
(verified) Microsoft┬« Windows┬« Operating System 3552 C:\Windows\System32\taskhost.exe
(verified) Microsoft┬« Windows┬« Operating System 340 C:\Windows\System32\taskhost.exe
(verified) Microsoft┬« Windows┬« Operating System 508 C:\Windows\System32\wininit.exe
(verified) Microsoft┬« Windows┬« Operating System 544 C:\Windows\System32\winlogon.exe
(verified) Microsoft┬« Windows┬« Operating System 3024 C:\Windows\System32\WUDFHost.exe
(verified) MobileDeviceService 1936 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(verified) Symantec Security Technologies 672 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
(verified) Symantec Security Technologies 3628 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
(verified) Windows┬« Internet Explorer 5556 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows┬« Internet Explorer 6092 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows┬« Search 5096 C:\Windows\System32\SearchFilterHost.exe
(verified) Windows┬« Search 2788 C:\Windows\System32\SearchIndexer.exe
(verified) Windows┬« Search 3300 C:\Windows\System32\SearchProtocolHost.exe

Network activity
----------------
Process chrome.exe (3468) connected on port 443 (HTTP over SSL) --> 173.194.73.125
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.82
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.82
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 208.71.125.66
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 208.71.125.66
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.96
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.96
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.32
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.34
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.34
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.34
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.34
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.34
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.34
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 54.243.169.217
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 54.243.169.217
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 54.243.162.238
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 54.243.162.238
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.9
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 204.141.87.18
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 96.6.159.139
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 72.21.81.253
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.43.39
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.43.39
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.43.45
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.43.45
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.43.45
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.43.45
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.75.103
Process iexplore.exe (5556) connected on port 80 (HTTP) --> 173.194.75.103
Process chrome.exe (5608) connected on port 5222 (XMPP/Jabber) --> 173.194.73.125
Process chrome.exe (5608) connected on port 443 (HTTP over SSL) --> 173.194.43.41
Process iexplore.exe (6092) connected on port 80 (HTTP) --> 70.37.129.141

Process wininit.exe (508) listens on ports: 49152 (RPC)
Process services.exe (604) listens on ports: 49157 (RPC)
Process lsass.exe (620) listens on ports: 49155 (RPC)
Process svchost.exe (824) listens on ports: 135 (RPC)
Process svchost.exe (908) listens on ports: 49153 (RPC)
Process svchost.exe (996) listens on ports: 49154 (RPC)
Process svchost.exe (2716) listens on ports: 49158 (RPC)
Process svchost.exe (5920) listens on ports: 990 (FTP over SSL)

Autoruns and critical files
---------------------------
(verified) Adobe┬« Flash┬« Player Update Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) Google Chrome C:\Users\Dennis\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Intel® Common User Interface C:\Windows\system32\igfxdev.dll
(verified) Microsoft┬« Windows┬« Operating System c:\windows\system32\userinit.exe

Browser plugins
---------------
(unsigned) Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) AUX BHO C:\Program Files\xfin_portal\auxi\comcastAu.dll
(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
(verified) Easy-WebPrint EX c:\program files\canon\easy-webprint ex\ewpexbho.dll
(verified) Easy-WebPrint EX c:\program files\canon\easy-webprint ex\ewpexhlp.dll
(verified) Google Talk Plugin C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Accelerator C:\Users\Dennis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
(verified) Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verified) Google Update C:\Users\Dennis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(verified) Microsoft┬« CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft┬« Windows┬« Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft┬« Windows┬« Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft┬« Windows┬« Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft┬« Windows┬« Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft┬« Windows┬« Operating System C:\Windows\System32\winrnr.dll
(verified) Norton Confidential c:\program files\norton security suite\engine\6.4.0.9\coieplg.dll
(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
(verified) NPSWF32_11_5_502_146.dll C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
(verified) Symantec Intrusion Detection C:\Program Files\Norton Security Suite\Engine\6.4.0.9\IPS\IPSBHO.DLL
(verified) Windows Live┬Ö Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows┬« Internet Explorer C:\Windows\System32\ieframe.dll

Missing files
-------------
File not found: C:\Windows\3D Fireplace.scr
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"

Scan
----
MD5: b78f4c2c592c87df54e8e0c6aaef3874 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: c93d9d67f3d5f9e8fdb566e0aa07b2a0 C:\Program Files\Norton Security Suite\Engine\6.4.0.9\cltLMJ.dll
MD5: 7ff9e1d17ec76760c89b2cb2592b959a C:\Program Files\Norton Security Suite\Engine\6.4.0.9\FWSetup.dll
MD5: 4dbe27b3be5d1f9bf781371e817e4100 C:\Program Files\OpenOffice.org 3\program\avmedia.dll
MD5: 4167ae99a4cc521848e5471fa83a9eed C:\Program Files\OpenOffice.org 3\program\basegfx.dll
MD5: 4f70d05cb3c5bd7b87dcc3a34334e0f0 C:\Program Files\OpenOffice.org 3\program\canvastools.dll
MD5: fcd4e3223ab57109d09f03ef74d9b181 C:\Program Files\OpenOffice.org 3\program\comphelpMSC.dll
MD5: 9e7c434e383d451d299eb7861ed1cecc C:\Program Files\OpenOffice.org 3\program\configmgr.uno.dll
MD5: 2ac0c450558a733f3cfea6a58f882384 C:\Program Files\OpenOffice.org 3\program\cppcanvas.dll
MD5: 54f3e14ce1f32aeec1e81e8609288cbc C:\Program Files\OpenOffice.org 3\program\deployment.uno.dll
MD5: 7fb936aa67fa487f59529c9a4907685e C:\Program Files\OpenOffice.org 3\program\deploymentmisc.dll
MD5: 46e76a45cfe687831d1f7c0e50638061 C:\Program Files\OpenOffice.org 3\program\dnd.dll
MD5: ae2b466f9bd6c72ea4ca2085a9cf9314 C:\Program Files\OpenOffice.org 3\program\drawinglayer.dll
MD5: 3c69e5bc0aa40116a7528f2993b4428c C:\Program Files\OpenOffice.org 3\program\dtrans.dll
MD5: 5308f25995b4d22f48af7390907c96d3 C:\Program Files\OpenOffice.org 3\program\editeng.dll
MD5: e91f3a5185fa77c0c540465c906f2bde C:\Program Files\OpenOffice.org 3\program\emser.dll
MD5: 04d6ff723a7b836860121a2687817ffd C:\Program Files\OpenOffice.org 3\program\fileacc.dll
MD5: 712a643921ebf9f0a553c51c56b696cb C:\Program Files\OpenOffice.org 3\program\filterconfig1.dll
MD5: 7387c5df60803da0da3170fa63222b3a C:\Program Files\OpenOffice.org 3\program\fsstorage.uno.dll
MD5: 81f5b92fef7d59c526b432a0e5f9f2ae C:\Program Files\OpenOffice.org 3\program\ftransl.dll
MD5: cdd76188ecf2ea78eb816151d0130327 C:\Program Files\OpenOffice.org 3\program\fwe.dll
MD5: cc22c9fb26428feab01526f2a23b30fc C:\Program Files\OpenOffice.org 3\program\fwi.dll
MD5: 032a6d7058ec06ca6cf73a6d0493ada0 C:\Program Files\OpenOffice.org 3\program\fwk.dll
MD5: a418f67097947209ef95700609704625 C:\Program Files\OpenOffice.org 3\program\fwl.dll
MD5: 6fb634d328600072790e97b5882fbe81 C:\Program Files\OpenOffice.org 3\program\helplinker.dll
MD5: d2a90407f02e2b2b7d636ef402beba59 C:\Program Files\OpenOffice.org 3\program\i18nisolang1MSC.dll
MD5: 5c801c9bc7a0317a14b7628fccd2d17e C:\Program Files\OpenOffice.org 3\program\i18npaper.dll
MD5: 41dff500f0c1c438d0500f08df8b827b C:\Program Files\OpenOffice.org 3\program\i18npool.uno.dll
MD5: 5f49fbf4e018abb9c4adc4a8d57f9c76 C:\Program Files\OpenOffice.org 3\program\i18nutilMSC.dll
MD5: ec00034a5d1e094fcffa6af27ebf9604 C:\Program Files\OpenOffice.org 3\program\icudt40.dll
MD5: a8c4cda29ed3598e38f25f12183849af C:\Program Files\OpenOffice.org 3\program\icuin40.dll
MD5: f6cb86f2e560e2536bba522f97bc6039 C:\Program Files\OpenOffice.org 3\program\icuuc40.dll
MD5: f934feb2a0403b90af3a7db7ffbb96c8 C:\Program Files\OpenOffice.org 3\program\libcurl.dll
MD5: 1330ea93145b834d1a6ed1f1ac3163fc C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MD5: f559a05614e458fd92b2ebd0ecd422b9 C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MD5: 839f0e530c6dade8c356619fcf9a0298 C:\Program Files\OpenOffice.org 3\program\lng.dll
MD5: ea85b693f3b321a9df90cfbd1673daf2 C:\Program Files\OpenOffice.org 3\program\localebe1.uno.dll
MD5: 783b61c9a2380ce89cee7f87919acebb C:\Program Files\OpenOffice.org 3\program\localedata_en.dll
MD5: 6b291aff5aff3d265a03c7367ce1781e C:\Program Files\OpenOffice.org 3\program\mcnttype.dll
MD5: c64b09515203dc640feff8c1de5721e0 C:\Program Files\OpenOffice.org 3\program\oleautobridge.uno.dll
MD5: 4652e5ebcd8df597c96c3de2ec4a7827 C:\Program Files\OpenOffice.org 3\program\package2.dll
MD5: 557d165abac057f379d47e92f395405f C:\Program Files\OpenOffice.org 3\program\sax.dll
MD5: b744fb9f6096a3708bd66ccd2669072f C:\Program Files\OpenOffice.org 3\program\sax.uno.dll
MD5: fbc74172f7246c9531cc46d159276971 C:\Program Files\OpenOffice.org 3\program\sb.dll
MD5: 365eb15783b9be4db9c2a6064532b2bc C:\Program Files\OpenOffice.org 3\program\sfx.dll
MD5: 4ee367b8b1964160a1f1b80095183d3a C:\Program Files\OpenOffice.org 3\program\soffice.bin
MD5: 749949494676218ffa99501f4aa22ecc C:\Program Files\OpenOffice.org 3\program\soffice.exe
MD5: 4513b7400878973f9b1ba71153b4f4cf C:\Program Files\OpenOffice.org 3\program\sofficeapp.dll
MD5: 336b257ec1d65f97b149ba032f41b428 C:\Program Files\OpenOffice.org 3\program\sot.dll
MD5: a87ebc20991c9600b88b07dfb676a139 C:\Program Files\OpenOffice.org 3\program\spl.dll
MD5: acf3a47ce86b6e89616c4d3a692a4422 C:\Program Files\OpenOffice.org 3\program\svl.dll
MD5: 561714dfa385fa4e35d81dcf8014377f C:\Program Files\OpenOffice.org 3\program\svt.dll
MD5: 045e08bca72b938f9bf262104eaf8ad7 C:\Program Files\OpenOffice.org 3\program\svx.dll
MD5: eed31faf7b206345cc1c382cb6f14390 C:\Program Files\OpenOffice.org 3\program\svxcore.dll
MD5: e7c63e0dd9106987827c7bd7c6e60f86 C:\Program Files\OpenOffice.org 3\program\sw.dll
MD5: e264a92c9f853989ea73d51c9d86bb7b C:\Program Files\OpenOffice.org 3\program\swd.dll
MD5: c850ca110cb798851bfd47f60e8b4b2d C:\Program Files\OpenOffice.org 3\program\swriter.exe
MD5: df86d23fa9a07336bc9755a579313ba5 C:\Program Files\OpenOffice.org 3\program\swui.dll
MD5: 19d630850103634c4fdf2700ad0ec525 C:\Program Files\OpenOffice.org 3\program\sysdtrans.dll
MD5: 1437d1e9ab218cf7a2c739839f994504 C:\Program Files\OpenOffice.org 3\program\t602filter.dll
MD5: ec120face13767ccfb18fb2ea170ac83 C:\Program Files\OpenOffice.org 3\program\tk.dll
MD5: 2fc3769842eb87578032e8b6c1de9a08 C:\Program Files\OpenOffice.org 3\program\tl.dll
MD5: c68069dbab5ef8861f6d54cc989d60d0 C:\Program Files\OpenOffice.org 3\program\ucb1.dll
MD5: e6aef6498578702ed3e8024d9792f30b C:\Program Files\OpenOffice.org 3\program\ucbhelper4MSC.dll
MD5: d7c7d3b53f0e2327bb0b9302f7ed3e2c C:\Program Files\OpenOffice.org 3\program\ucpchelp1.dll
MD5: b8179797507c0e6febd1186510993799 C:\Program Files\OpenOffice.org 3\program\ucpexpand1.uno.dll
MD5: f31ad307e2f5797b837c3932a7794d26 C:\Program Files\OpenOffice.org 3\program\ucpfile1.dll
MD5: 978feca76b34e7cc1db81402fe7d00dc C:\Program Files\OpenOffice.org 3\program\unoxml.dll
MD5: d3d863a44bf78990103d666b1096a0ab C:\Program Files\OpenOffice.org 3\program\updatefeed.uno.dll
MD5: ad9bcd42a5f1b115f3a9fba6082d450b C:\Program Files\OpenOffice.org 3\program\updchk.uno.dll
MD5: 750726e5868345ab2d46850eb1e60df9 C:\Program Files\OpenOffice.org 3\program\utl.dll
MD5: 5f459d7731baae4da72b05cdca00ab8b C:\Program Files\OpenOffice.org 3\program\uui.dll
MD5: e8832bcf29cc03f9a490c9aac3056706 C:\Program Files\OpenOffice.org 3\program\vcl.dll
MD5: c820c516cb162fd1845e2612a65536cb C:\Program Files\OpenOffice.org 3\program\vos3MSC.dll
MD5: 218b2ba51244f5285904ae03f5898112 C:\Program Files\OpenOffice.org 3\program\xcr.dll
MD5: 3684c6915b335af8956416b2c6c58210 C:\Program Files\OpenOffice.org 3\program\xo.dll
MD5: 365e2425d2e303f7f50bd7cfbb9d396c C:\Program Files\OpenOffice.org 3\program\xstor.dll
MD5: 8506a78404b3b469a2382c509b7db967 C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
MD5: 7ad794fa7b80ec3f97097da7e7011347 C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll
MD5: 9262bf9af67ca4499f7dae1fb2aa58e0 C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
MD5: a9b511fa5c2994746a06007cc7efd029 C:\Program Files\OpenOffice.org 3\URE\bin\introspection.uno.dll
MD5: 31dcf8ed7c7d8c87eb5379ad122a328e C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll
MD5: 6c0a96c3485d25236f3db7d8a120f21a C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll
MD5: 5a56472e352be516bbdb652bd152ecef C:\Program Files\OpenOffice.org 3\URE\bin\reflection.uno.dll
MD5: 352a00c74c96fa5a41ea32bf4bfaca10 C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll
MD5: b89137476d554df13421df8f5f5789ec C:\Program Files\OpenOffice.org 3\URE\bin\sal3.dll
MD5: a0849fba350aa979617856770f8aa1d2 C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
MD5: b6f943d2d99307bfd7d2adfa3b866813 C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
MD5: 10d5662d127ef17019513c7251e10117 C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll
MD5: 66177dc56ac40a87f17c8b4333049d10 C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll
MD5: ccfa2fc955ee4cb4157afdd5f11e52e7 C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll
MD5: 6238d624e7cf2c59e773c6d2a326c85b C:\Program Files\OpenOffice.org 3\URE\bin\xmlreader.dll
MD5: 4335d8da53a3717e1c400ae1835adac7 C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
MD5: de048234992b57ffe077c5b399e8bee8 C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MD5: 34f044099f79be0c080c8745ddd7120e C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MD5: 4529c6ca18e4eb13f8a5894ae7eaea65 C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MD5: 693b26228df803b1b22466516bb2d7ba C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MD5: 21db464c6e3d69b21f16d0ee9e0aad28 C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\log4cxx.dll
MD5: bfe0fb1ad57bb45b037614c035667514 C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
MD5: ddcd8e82bfeb4029e939cf441a2c8745 C:\Users\Dennis\AppData\Local\Programs\Google\MusicManager\pthread.dll
MD5: c3e39fb1398eee8e612c2fe53a9192ef C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MD5: 1e3cb1435ec745058628ae40fea9f471 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MD5: 0cc9f588ec70276bcc39cca83b1d534f C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4887489f50210be650432a982d01800f\PresentationFontCache.ni.exe
MD5: d049551c58fdb7c7e2245fdfc373c77c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MD5: 3518cb4e2d896cab53d5386f15ac0566 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MD5: fba4773ecfeffc6566fb2ad13cec4940 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MD5: 9caa912445da4517f952d008dc7198c7 C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll
MD5: 6846d2ca7e1d5937aee3f99bb7f5464b C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
MD5: 41e215f560028dbaa897deaef8390a7a C:\Windows\system32\cabview.dll
MD5: d4fdcc6b5e6dbe12333fd1b423924060 C:\Windows\System32\CNMLMA9.DLL
MD5: ecf036299aa554b5e0455262857b39d0 C:\Windows\system32\diagperf.dll
MD5: 4e225e5876714bb0a594a6440d154800 C:\Windows\system32\DRIVERS\snp2uvc.sys
MD5: 7e57b6d3d74cb9ef3055ba4e89f038d4 C:\Windows\system32\Macromed\Flash\Flash32_11_5_502_146.ocx
MD5: 43b18040c01f0a03ebff6acc3d72fd8a C:\Windows\system32\pcadm.dll
MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll
MD5: a4d5096e72eaa631097dd1dba0176da3 C:\Windows\system32\spool\DRIVERS\W32X86\3\CNMDRA9.DLL
MD5: 7c74443ea61d40fe9f11b1ce8007c083 C:\Windows\system32\spool\DRIVERS\W32X86\3\CNMUIA9.DLL
MD5: 36b2d3c5710185af01c8261d5ca6ba2c C:\Windows\system32\spool\PRTPROCS\W32X86\CNMPDA9.DLL
MD5: 4f2659160afcca990305816946f69407 C:\Windows\System32\taskeng.exe
MD5: c6b0509aa89f656247694e2d6abf7255 C:\Windows\system32\wbem\wmiprov.dll
MD5: 1951c6f1e53079f6b29ecff77eaf9403 C:\Windows\System32\wbem\WmiPrvSE.exe
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.43 KB recvd
Scanned 1234 files and modules - 45 seconds

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 63.55 0 K 24 K
dwm.exe 3544 9.83 84,928 K 52,660 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 1176 6.48 25,916 K 44,212 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
ooVoo.exe 2216 5.57 79,024 K 104,176 K ooVoo ooVoo LLC (Verified) ooVoo LLC
DisplayLinkManager.exe 1264 4.32 26,452 K 35,140 K DisplayLinkManager Application DisplayLink Corp. (Verified) DISPLAYLINK
explorer.exe 3576 4.23 63,980 K 93,652 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 2.85 0 K 0 K Hardware Interrupts and DPCs
System 4 1.09 116 K 34,000 K
csrss.exe 500 0.91 2,140 K 33,328 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
MusicManager.exe 4532 0.21 31,864 K 58,748 K Music Manager Google Inc. (Unable to verify) Google Inc.
chrome.exe 5608 0.20 128,112 K 143,364 K Google Chrome Google Inc. (Verified) Google Inc
googletalkplugin.exe 3212 0.11 14,760 K 17,380 K Google Talk Plugin Google (Verified) Google Inc
svchost.exe 748 0.11 3,132 K 7,572 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 620 0.10 4,424 K 10,692 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1936 0.08 2,316 K 8,136 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
chrome.exe 4852 0.06 99,020 K 108,780 K Google Chrome Google Inc. (Verified) Google Inc
ccsvchst.exe 3628 0.04 47,944 K 10,228 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
DisplayLinkUI.exe 5176 0.03 1,708 K 6,400 K DisplayLinkUI Sys-Tray Application DisplayLink Corp. (Verified) DISPLAYLINK
SearchIndexer.exe 2788 0.03 55,216 K 56,552 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 5436 0.02 50,392 K 56,692 K Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 1452 0.02 23,796 K 24,776 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ccsvchst.exe 672 0.02 37,560 K 17,700 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
svchost.exe 1192 0.02 8,732 K 14,156 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3664 0.02 10,460 K 15,156 K Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 968 0.01 167,768 K 171,600 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 2932 0.01 2,512 K 7,464 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
chrome.exe 3504 0.01 47,608 K 35,328 K Google Chrome Google Inc. (Verified) Google Inc
soffice.bin 1216 0.01 28,784 K 67,464 K OpenOffice.org 3.4.1 OpenOffice.org (Unable to verify) OpenOffice.org
svchost.exe 996 0.01 20,992 K 31,424 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 628 0.01 1,320 K 3,224 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4016 0.01 5,092 K 5,300 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 296 0.01 7,628 K 24,236 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 5092 < 0.01 1,872 K 6,460 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2100 < 0.01 4,756 K 11,232 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
WmiPrvSE.exe 4236 < 0.01 18,932 K 23,472 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 424 < 0.01 1,440 K 3,964 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1832 < 0.01 7,492 K 7,204 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1644 < 0.01 6,392 K 11,956 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 3024 1,404 K 5,016 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2188 640 K 2,420 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 544 1,804 K 5,072 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 508 992 K 3,580 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UMVPFSrv.exe 1032 1,248 K 3,480 K Logitech User mode UMVPF service Logitech Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
taskhost.exe 3552 6,848 K 7,192 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 908 18,136 K 18,336 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1680 10,200 K 13,400 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 824 3,284 K 6,480 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1156 2,056 K 5,316 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1992 1,028 K 3,728 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1888 3,200 K 6,912 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5920 2,172 K 6,276 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4228 3,152 K 8,080 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1304 4,288 K 7,372 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2716 2,084 K 5,012 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1180 508 K 2,028 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4520 924 K 3,316 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
soffice.exe 5224 772 K 2,560 K OpenOffice.org 3.4.1 OpenOffice.org (Unable to verify) OpenOffice.org
smss.exe 332 272 K 868 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 604 5,016 K 8,200 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 4652 1,700 K 4,528 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
PresentationFontCache.exe 372 14,264 K 13,880 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1972 1,576 K 4,624 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamservice.exe 2092 110,880 K 4,160 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 4072 1,820 K 5,316 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
chrome.exe 1228 19,812 K 21,308 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4900 19,268 K 19,404 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4032 19,320 K 20,548 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 984 19,192 K 19,836 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4992 23,456 K 24,912 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4980 3,888 K 7,872 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3176 59,192 K 67,968 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3468 6,892 K 13,752 K Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 740 15,432 K 14,052 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1840 816 K 3,020 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

#7
bleeka

Posted 02 February 2013 - 05:12 AM

New Member

Topic Starter
Member
7 posts

I also removed that firefox add-on I dont know what it was but I dont need it..

#8
RKinner

Posted 02 February 2013 - 12:18 PM

Malware Expert

Expert
24,624 posts

Still missing the TDSSKiller log.

Uninstall

JavaFX 2.1.0
Java™ 6 Update 31
Java 7 Update 10 - The latest is 7 Update 11 but having Java on your PC is no longer recommended as there are too many security problems.
Vuze - This is P2P which is a bad idea and a good source of infected files.

Adobe Reader X (10.1.5) - Get the latest reader from adobe.com. Make sure you uncheck any other offered downloads or installs. They like to foist the ask toolbar or McAfee Security scan on you.

ooVoo - This is using too much CPU. I would uninstall it then if you really need it, get the latest version and right click and run as Admin when you install it.

DisplayLink Graphics - This is using too much CPU. I would uninstall it then if you really need it, get the latest version and right click and run as Admin when you install it.

Music Manager - This is using too much CPU and I can't see how it starts plus it can't be verified which is unusual for Google products. I would uninstall it then if you really need it, get the latest version and right click and run as Admin when you install it.

Belkin Setup and Router Monitor - This is causing errors. It is not clear to me why you need it but if you do I would download the latest version and then uninstall it and right click and run as Admin to install.

After you have done that:

I assume this is a Dell laptop? Shut it down. Remove the main battery and with it plugged into the wall start it up and run Process Explorer again and create the log and copy and paste it into the reply.

#9
bleeka

Posted 02 February 2013 - 06:23 PM

New Member

Topic Starter
Member
7 posts

Ron

Ok so i did as you said.. I uninstalled the 3 Javas, Vuze, Adobe reader Music Manager n elkin
adobe wqas uninstalled and reinstalled as adim .

Display Link is for my HDMI convertor from PC to Flat screen for teleconferences for work...
ooVoo as much as I hate it I cant uninstall I used that also for work... many times a day ..

I did uninstall them and reinstall latest version as administartor.. so hope that helps..

after this is all said and done do I uninstall the programs that we installed to save spave.. this is my home work computer and its fulling up quickly again ..

Denn

TDSSKiller.2.8.15.0_02.02.2013_02.08.07_log.txt 282.36KB 88 downloads

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 41.17 0 K 24 K
ooVoo.exe 348 16.44 170,976 K 183,768 K ooVoo ooVoo LLC (Verified) ooVoo LLC
dwm.exe 3932 9.43 70,520 K 39,304 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
DisplayLinkManager.exe 1244 9.33 26,460 K 32,448 K DisplayLinkManager Application DisplayLink Corp. (Verified) DISPLAYLINK
procexp.exe 5804 7.62 27,152 K 45,504 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a 6.90 0 K 0 K Hardware Interrupts and DPCs
System 4 3.81 56 K 1,500 K
audiodg.exe 1088 3.14 17,112 K 15,860 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 3968 1.25 31,576 K 50,012 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 520 0.75 1,968 K 11,140 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
ccsvchst.exe 1056 0.06 21,664 K 11,744 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
svchost.exe 980 0.05 14,800 K 25,796 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
DisplayLinkUI.exe 4044 0.01 1,776 K 6,224 K DisplayLinkUI Sys-Tray Application DisplayLink Corp. (Verified) DISPLAYLINK
AppleMobileDeviceService.exe 1852 0.01 2,400 K 8,152 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 908 0.01 17,100 K 17,192 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1192 < 0.01 7,560 K 13,068 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 648 < 0.01 1,344 K 3,204 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 3832 < 0.01 2,484 K 6,992 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
wmpnetwk.exe 4456 < 0.01 4,680 K 2,344 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1352 < 0.01 11,900 K 12,564 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2752 < 0.01 40,508 K 33,220 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ccsvchst.exe 3992 < 0.01 13,440 K 10,244 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
WLIDSVC.EXE 2288 < 0.01 4,684 K 11,208 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
chrome.exe 3356 < 0.01 7,180 K 13,744 K Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 2032 < 0.01 6,180 K 22,452 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 996 < 0.01 2,108 K 5,016 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2204 < 0.01 7,532 K 6,920 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 956 < 0.01 59,024 K 66,664 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 3304 1,404 K 4,980 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6104 2,072 K 5,056 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2536 656 K 2,412 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 576 1,752 K 4,960 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 528 980 K 3,492 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UMVPFSrv.exe 1020 876 K 3,260 K Logitech User mode UMVPF service Logitech Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
taskhost.exe 3884 7,104 K 7,208 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 4324 1,212 K 4,436 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1656 9,276 K 11,356 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 748 3,548 K 7,688 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 828 2,944 K 6,116 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1156 1,700 K 4,284 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1828 3,220 K 6,900 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2256 4,300 K 7,356 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2060 520 K 2,012 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1992 1,016 K 3,696 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3248 1,952 K 4,748 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5612 896 K 3,308 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4552 3,196 K 8,092 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5176 2,156 K 6,192 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1612 5,696 K 10,664 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 340 260 K 820 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 624 4,648 K 8,420 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 4984 1,628 K 4,468 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
PresentationFontCache.exe 296 14,260 K 13,872 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1960 1,580 K 4,616 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamservice.exe 812 110,728 K 3,756 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 708 1,808 K 5,036 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsass.exe 640 3,972 K 9,928 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
DisplayLinkUserAgent.exe 1432 32,132 K 16,348 K DisplayLinkUserAgent Application DisplayLink Corp. (Verified) DISPLAYLINK
csrss.exe 440 1,416 K 3,652 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1804 816 K 2,996 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

Attached Files

System Idle Process.txt 6.91KB 93 downloads

#10
RKinner

Posted 02 February 2013 - 06:53 PM

Malware Expert

Expert
24,624 posts

I think you need to go to the dell support site and see if they have any new drivers for your PC. http://www.dell.com/support/drivers

The battery didn't help. Your oovoo.exe and DisplayLinkManager.exe are worse and interrupts is running ridiculously high. This last is a sign of a bad driver since we have ruled out the battery. I would suspect the video driver first.

You can uninstall or delete any tools we had you download and their logs but I would keep Process Explorer for now.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Go into Control Panel, Power Options. Make sure that when it is plugged in that it is using the High Performance option.

I found an oovoo forum where they are talking about the problem of it using too much CPU (above idea is from the forum)
http://forum.oovoo.c...spx?PageIndex=2

This page has a service request link:

http://forum.oovoo.c...ms/t/15322.aspx

Perhaps if you fill out a service request they can help.