Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Chitka pop ups [Solved]


  • This topic is locked This topic is locked

#1
Mozeta

Mozeta

    Member

  • Member
  • PipPip
  • 27 posts
Anytime I open the internet I get little pop up boxes in the bottom left or right corner. The one in the bottom left is usually an add for flash player or a half naked girl. One of the ones in the bottom right looks like a facebook box. Both of these boxes have X's and can be closed. Another one is a little larger than the other two and opens in the bottom right corner and it can't be closed, only clicked on which opens a new page. I can close that page, but the next time I click on any link it redirects to another location unrelated to what I clicked on. This larger pop up always has the words Chitka on it. These pop ups often stop pages from loading or redirect me to other sites and often times I get a message that says internet explorer has experienced errors and needs to close. After that, it closes and reopens to the last page I was on. For some reason, there are a few web pages I visit where these pop ups do not appear. For instance, I have never gotten a pop up on the Drudge Report or Gmail, but if I click on a link in the Drudge Report or go to other websites they will pop up again. My homepage (excite.com) no longer loads because of these pop ups. This is on my work laptop so I don't know how limited I am in running and installing certain types of outside software. I ran a McAfee scan, Malware bytes, and Spysbot, and none of them found anything or stopped the pop ups. I can't seem to get rid of this and they are planning on re-imaging my computer if I can't get rid of it.

I first notice the issue one day after coming back from lunch. I sat down on my computer and I don't know if I accidentally left the internet open or someone was playing a trick on me, but when moved the mouse to wake my computer up there were about 10 internet windows open and they were all adds I didn't open. As I closed each window by clicking the little X in the upper right hand corner, they closed. When i got to the very last one, a large picture of young female sitting on the toilet appeared. i closed that quickly as well and after that my internet has had these Chitka pop ups.




OTL logfile created on: 3/28/2013 12:02:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\OTL
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 11.49 Gb Available Physical Memory | 72.02% Memory free
31.91 Gb Paging File | 26.83 Gb Available in Paging File | 84.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.29 Gb Total Space | 401.73 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
Drive D: | 356.00 Mb Total Space | 295.41 Mb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive E: | 238.47 Gb Total Space | 238.37 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive J: | 1040.00 Gb Total Space | 4.45 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
Drive M: | 1040.00 Gb Total Space | 4.45 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
Drive N: | 1040.00 Gb Total Space | 4.45 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
Drive O: | 273.40 Gb Total Space | 163.07 Gb Free Space | 59.65% Space Free | Partition Type: NTFS
Drive P: | 900.00 Gb Total Space | 276.03 Gb Free Space | 30.67% Space Free | Partition Type: NTFS
Drive S: | 1627.60 Gb Total Space | 1110.64 Gb Free Space | 68.24% Space Free | Partition Type: NTFS
Drive U: | 1400.00 Gb Total Space | 4.24 Gb Free Space | 0.30% Space Free | Partition Type: NTFS
Drive X: | 1040.00 Gb Total Space | 4.45 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
Drive Y: | 1040.00 Gb Total Space | 4.45 Gb Free Space | 0.43% Space Free | Partition Type: NTFS
Drive Z: | 850.00 Gb Total Space | 186.79 Gb Free Space | 21.98% Space Free | Partition Type: NTFS

Computer Name: STHOMASM6600 | User Name: sthomas | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/28 11:58:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 17:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012/08/21 17:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2012/08/21 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012/08/21 17:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012/07/30 17:13:04 | 005,164,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2012/07/16 18:33:48 | 000,243,304 | ---- | M] () -- C:\Program Files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe
PRC - [2012/07/16 17:55:00 | 001,713,768 | ---- | M] () -- C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
PRC - [2011/08/31 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/06/05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/06/05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/22 11:59:02 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/04/08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/19 08:17:16 | 007,580,576 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2011/03/19 08:17:12 | 000,239,104 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2011/02/08 01:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/12/22 11:09:26 | 000,111,360 | ---- | M] (PrintFleet Inc) -- C:\Program Files (x86)\Local Print Agent\Local Print Agent.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 13:47:32 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/12 18:23:04 | 000,824,752 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 16:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/08/13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/07/13 20:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/11/07 15:28:54 | 000,114,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
PRC - [2007/05/11 09:58:58 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
PRC - [2007/05/11 09:57:22 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/08 08:34:28 | 000,918,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\32ee09055ab9ee693a25dd5b0a793206\Microsoft.TeamFoundation.Client.ni.dll
MOD - [2012/08/08 08:31:15 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1dae3d98c8c441088389d6545ef70b44\IAStorUtil.ni.dll
MOD - [2012/08/08 08:29:01 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/08/08 08:28:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/08/08 08:28:18 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/16 18:33:48 | 000,243,304 | ---- | M] () -- C:\Program Files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe
MOD - [2012/06/13 09:49:11 | 000,704,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\1bde8c683ae89928112a118338b6d098\Microsoft.TeamFoundation.Common.ni.dll
MOD - [2012/06/13 09:47:33 | 001,609,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\8bf0cc74710dfeab3ddecf69baef8a23\Microsoft.TeamFoundation.VersionControl.Client.ni.dll
MOD - [2012/06/13 09:47:33 | 000,520,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\bf114b75c199089615b8fa4336800969\Microsoft.TeamFoundation.VersionControl.Common.ni.dll
MOD - [2012/06/13 09:29:07 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\10eee783bd7dceed61e49befb726d776\IAStorCommon.ni.dll
MOD - [2012/06/13 08:32:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/06/13 08:31:34 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/06/13 08:31:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/06/13 08:31:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/06/13 08:31:17 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/06/13 08:31:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/04/22 11:59:02 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/06/24 20:19:50 | 000,099,560 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD DX\CLFormatDetector.dll
MOD - [2008/11/07 15:28:54 | 000,114,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
MOD - [2008/11/07 15:23:38 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\x86\TfsComProviderStub.DLL
MOD - [2005/12/13 16:51:56 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3300 Series\lxccdrec.dll
MOD - [2005/06/14 18:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3300 Series\iptk.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/29 21:07:00 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/16 17:55:00 | 001,713,768 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/05/13 10:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/05/13 10:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/02/08 01:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 01:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/20 11:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2010/12/23 14:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/23 14:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2010/12/23 14:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007/03/26 08:49:58 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2013/03/13 10:41:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/08/31 21:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2011/08/31 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/08/31 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/06/05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/19 08:17:16 | 007,580,576 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2011/02/17 09:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/12/22 11:09:26 | 000,111,360 | ---- | M] (PrintFleet Inc) [Auto | Running] -- C:\Program Files (x86)\Local Print Agent\Local Print Agent.exe -- (Local Print Agent)
SRV - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/26 08:49:26 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcccoms.exe -- (lxcc_device)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/01/29 21:07:00 | 000,647,624 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,289,952 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,229,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,160,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,100,944 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/16 18:26:58 | 000,087,632 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012/07/16 18:19:32 | 000,141,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 15:52:28 | 000,071,016 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEEAlg.sys -- (MfeEEAlg)
DRV:64bit: - [2011/08/31 21:07:00 | 000,086,368 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2011/08/15 17:51:40 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/08/15 17:51:40 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/08/15 17:51:40 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/08/15 17:51:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/08/15 17:51:40 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 15:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/06/05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/10 14:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/05/10 02:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/05 00:36:46 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/23 13:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/03/19 06:25:46 | 000,054,824 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV_Tracker64.sys -- (LV_Tracker)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 01:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/03 14:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 13:49:10 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010/11/11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/28 07:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/21 13:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009/12/17 00:46:36 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/11 15:59:58 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/08/16 09:48:32] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2007/09/04 16:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 76 BA 71 6D 66 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2013/01/30 15:55:32 | 000,001,543 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.157.56.28 www.google-analytics.com.
O1 - Hosts: 192.157.56.28 ad-emea.doubleclick.net.
O1 - Hosts: 192.157.56.28 www.statcounter.com.
O1 - Hosts: 192.157.56.28 connect.facebook.net.
O1 - Hosts: 192.157.56.28 platform.twitter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O1 - Hosts: 93.115.241.27 platform.twitter.com.
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [LXCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCCtime.DLL ()
O4:64bit: - HKLM..\Run: [lxccmon.exe] C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 40
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: mii.com ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: mii.com ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: mii.com ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: mii.com ([admin] * in Trusted sites)
O15:64bit: - ..Trusted Domains: mii.com ([intranet] http in Local intranet)
O15:64bit: - ..Trusted Domains: mii.com ([www] * in Trusted sites)
O15:64bit: - ..Trusted Domains: mitek.ca ([www] * in Trusted sites)
O15:64bit: - ..Trusted Domains: [email protected] ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mii.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mii.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mii.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mii.com ([admin] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mii.com ([intranet] http in Local intranet)
O15 - HKCU\..Trusted Domains: mii.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mitek.ca ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: [email protected] ([]* in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {338095E4-1806-4BA3-AB51-38A3179200E9} http://labmanager/La.../vmware-mks.cab (QuickMksAxCtl Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.mii....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.2.1 10.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mii.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143589B6-5B45-4102-865B-331F37D8765D}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECFED2C-7209-4DD4-9552-B05A72FAB99B}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E588FAB0-9737-4D4D-B18C-CB19AE8AA84B}: DhcpNameServer = 10.1.2.1 10.2.2.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADCFAB8-0787-4B3C-ACC9-BEB452B03A51}: DhcpNameServer = 10.1.2.1 10.2.2.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/28 07:49:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/01/15 16:49:04 | 000,000,000 | ---D | M] - N:\Automation -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/03/28 11:58:25 | 000,000,000 | ---D | C] -- C:\OTL
[2013/03/28 07:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/28 07:48:18 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\SpyHunter-Installer.exe
[2013/03/27 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/27 12:32:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/25 08:35:21 | 000,000,000 | ---D | C] -- C:\TRE Compare2
[2013/03/18 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\sthomas\Desktop\hotfixes 741
[2013/03/15 15:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/13 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Mozilla
[2013/03/13 08:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/12 13:49:26 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Programs
[2013/03/12 13:48:59 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Roaming\Malwarebytes
[2013/03/12 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/12 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/12 13:48:05 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sthomas\Desktop\Malwarebytes-setup-1.65.0.1400.exe
[2013/03/12 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Apps
[2013/02/12 14:06:12 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/02/12 14:06:12 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/02/12 14:06:12 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/02/12 14:05:45 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/02/12 14:05:45 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/02/12 14:05:45 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/02/12 10:45:47 | 000,000,000 | ---D | C] -- C:\MiTek743
[2013/02/08 12:13:27 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Roaming\MiTek
[2013/02/07 11:07:23 | 000,000,000 | ---D | C] -- C:\TRE Compare
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/03/28 11:57:09 | 000,001,110 | ---- | M] () -- C:\Windows\MiiLink.ini
[2013/03/28 11:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/28 11:18:43 | 000,078,740 | ---- | M] () -- C:\Users\sthomas\Desktop\popups.jpg
[2013/03/28 07:49:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/28 07:48:18 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\SpyHunter-Installer.exe
[2013/03/28 07:32:54 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 07:32:54 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 07:28:06 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/03/28 07:22:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/28 00:34:46 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2013/03/28 00:34:44 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2013/03/28 00:34:28 | 006,533,632 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysNative\cdintf450_64.dll
[2013/03/28 00:34:28 | 004,833,792 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf450.dll
[2013/03/27 12:34:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/26 08:34:21 | 000,012,626 | RHS- | M] () -- C:\Users\sthomas\ntuser.pol
[2013/03/26 08:32:56 | 000,066,872 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/22 15:47:03 | 000,002,020 | -H-- | M] () -- C:\Users\sthomas\Documents\Default.rdp
[2013/03/15 17:17:38 | 001,219,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/15 17:17:38 | 000,970,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/15 17:17:38 | 000,239,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/13 11:48:49 | 000,000,038 | ---- | M] () -- C:\Windows\tablemnt.ini
[2013/03/13 10:41:11 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 10:41:11 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/07 19:03:19 | 000,060,864 | ---- | M] () -- C:\Users\sthomas\g2mdlhlpx.exe
[2013/03/01 14:40:59 | 000,213,315 | ---- | M] () -- C:\Users\sthomas\Desktop\WST Claim.pdf
[2013/02/12 12:57:57 | 000,000,687 | ---- | M] () -- C:\Users\sthomas\Desktop\MiTek743 - Shortcut.lnk
[2013/01/30 15:55:32 | 000,001,543 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ac
[2013/01/30 15:55:32 | 000,001,543 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/29 21:07:00 | 000,647,624 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2013/01/29 21:07:00 | 000,289,952 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2013/01/29 21:07:00 | 000,229,560 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2013/01/29 21:07:00 | 000,162,224 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2013/01/29 21:07:00 | 000,160,824 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2013/01/29 21:07:00 | 000,100,944 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/28 11:17:01 | 000,078,740 | ---- | C] () -- C:\Users\sthomas\Desktop\popups.jpg
[2013/03/28 07:49:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/27 12:32:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/07 19:03:18 | 000,060,864 | ---- | C] () -- C:\Users\sthomas\g2mdlhlpx.exe
[2013/03/01 14:40:59 | 000,213,315 | ---- | C] () -- C:\Users\sthomas\Desktop\WST Claim.pdf
[2013/02/12 12:57:57 | 000,000,687 | ---- | C] () -- C:\Users\sthomas\Desktop\MiTek743 - Shortcut.lnk
[2012/02/24 16:12:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccinpa.dll
[2012/02/24 16:12:47 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcciesc.dll
[2012/02/24 16:12:47 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcccomx.dll
[2012/02/24 16:12:47 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxccinst.dll
[2012/02/24 16:12:46 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccserv.dll
[2012/02/24 16:12:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccusb1.dll
[2012/02/24 16:12:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccpmui.dll
[2012/02/24 16:12:46 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccppls.exe
[2012/02/24 16:12:46 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccprox.dll
[2012/02/24 16:12:46 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccpplc.dll
[2012/02/24 16:12:45 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcchbn3.dll
[2012/02/24 16:12:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccomc.dll
[2012/02/24 16:12:45 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcclmpm.dll
[2012/02/24 16:12:45 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccoms.exe
[2012/02/24 16:12:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccomm.dll
[2012/02/24 16:12:45 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccih.exe
[2012/02/24 16:12:45 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccfg.exe
[2012/02/15 11:25:28 | 000,015,266 | ---- | C] () -- C:\Windows\mitek.ini
[2011/09/29 09:54:45 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\u2lsamp1.dll
[2011/09/29 09:54:44 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\CO2C40EN.DLL
[2011/09/29 09:54:44 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/09/28 10:40:04 | 000,000,082 | ---- | C] () -- C:\Windows\miisec.ini
[2011/09/21 11:16:45 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/07 15:01:15 | 000,000,274 | ---- | C] () -- C:\Windows\mi2cdb.ini
[2011/09/07 15:01:15 | 000,000,038 | ---- | C] () -- C:\Windows\tablemnt.ini
[2011/09/07 14:28:07 | 000,000,095 | ---- | C] () -- C:\Users\sthomas\AppData\Local\fusioncache.dat
[2011/09/06 11:29:02 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\behami.DLL
[2011/09/01 15:55:31 | 000,001,110 | ---- | C] () -- C:\Windows\MiiLink.ini
[2011/08/29 11:08:30 | 000,012,626 | RHS- | C] () -- C:\Users\sthomas\ntuser.pol
[2011/08/27 00:08:05 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011/08/27 00:07:25 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/08/26 17:44:50 | 000,066,872 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/19 10:49:05 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/19 10:43:15 | 001,212,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 17:22:31 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011/08/15 16:55:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/15 16:55:29 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/15 16:55:28 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/15 16:55:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/15 16:55:24 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/15 16:37:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2011/08/15 16:37:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2013/01/09 16:45:30 | 000,000,003 | ---- | M] ()(C:\Windows\SysNative\?6) -- C:\Windows\SysNative\닐6
[2013/01/09 09:43:09 | 000,000,003 | ---- | C] ()(C:\Windows\SysNative\?6) -- C:\Windows\SysNative\닐6

< End of report >

Edited by Mozeta, 28 March 2013 - 03:52 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, run this and let me know if it cures the problem

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
Mozeta

Mozeta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OTL logfile created on: 3/28/2013 8:04:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\OTL
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 13.04 Gb Available Physical Memory | 81.71% Memory free
31.91 Gb Paging File | 28.39 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.29 Gb Total Space | 419.69 Gb Free Space | 60.10% Space Free | Partition Type: NTFS
Drive D: | 356.00 Mb Total Space | 295.41 Mb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive E: | 238.47 Gb Total Space | 238.37 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: STHOMASM6600 | User Name: SThomas | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/28 11:58:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL\OTL.exe
PRC - [2012/08/21 17:06:00 | 000,345,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2012/08/21 17:06:00 | 000,333,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2012/08/21 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2012/08/21 17:06:00 | 000,075,368 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
PRC - [2012/07/30 17:13:04 | 005,164,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2012/07/16 18:33:48 | 000,243,304 | ---- | M] () -- C:\Program Files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe
PRC - [2012/07/16 17:55:00 | 001,713,768 | ---- | M] () -- C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
PRC - [2011/08/31 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/06/05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/06/05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/22 11:59:02 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2011/03/19 08:17:16 | 007,580,576 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
PRC - [2011/03/19 08:17:12 | 000,239,104 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
PRC - [2011/02/08 01:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/12/22 11:09:26 | 000,111,360 | ---- | M] (PrintFleet Inc) -- C:\Program Files (x86)\Local Print Agent\Local Print Agent.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 13:47:32 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/12 18:23:04 | 000,824,752 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 16:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/08/13 17:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\SysWOW64\SDIOAssist.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/07/13 20:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/11/07 15:28:54 | 000,114,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
PRC - [2007/05/11 09:58:58 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
PRC - [2007/05/11 09:57:22 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/08 08:34:28 | 000,918,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\32ee09055ab9ee693a25dd5b0a793206\Microsoft.TeamFoundation.Client.ni.dll
MOD - [2012/08/08 08:31:15 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1dae3d98c8c441088389d6545ef70b44\IAStorUtil.ni.dll
MOD - [2012/08/08 08:28:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/08/08 08:28:18 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/16 18:33:48 | 000,243,304 | ---- | M] () -- C:\Program Files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe
MOD - [2012/06/13 09:49:11 | 000,704,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\1bde8c683ae89928112a118338b6d098\Microsoft.TeamFoundation.Common.ni.dll
MOD - [2012/06/13 09:47:33 | 001,609,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\8bf0cc74710dfeab3ddecf69baef8a23\Microsoft.TeamFoundation.VersionControl.Client.ni.dll
MOD - [2012/06/13 09:47:33 | 000,520,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\bf114b75c199089615b8fa4336800969\Microsoft.TeamFoundation.VersionControl.Common.ni.dll
MOD - [2012/06/13 09:29:07 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\10eee783bd7dceed61e49befb726d776\IAStorCommon.ni.dll
MOD - [2012/06/13 08:32:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/06/13 08:31:34 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/06/13 08:31:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/06/13 08:31:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/06/13 08:31:17 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/06/13 08:31:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/04/22 11:59:02 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2008/11/07 15:28:54 | 000,114,512 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
MOD - [2008/11/07 15:23:38 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\x86\TfsComProviderStub.DLL
MOD - [2005/12/13 16:51:56 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3300 Series\lxccdrec.dll
MOD - [2005/06/14 18:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3300 Series\iptk.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/29 21:07:00 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/16 17:55:00 | 001,713,768 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2011/05/13 10:10:44 | 001,043,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2011/05/13 10:10:44 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2011/02/08 01:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/01/25 01:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/20 11:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2010/12/23 14:23:48 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/23 14:14:10 | 000,992,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7)
SRV:64bit: - [2010/12/23 14:07:12 | 000,845,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/10 17:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007/03/26 08:49:58 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcccoms.exe -- (lxcc_device)
SRV - [2013/03/28 16:09:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 17:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/08/31 21:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2011/08/31 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2011/08/31 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2011/06/10 15:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/06/05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/06/05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/19 08:17:16 | 007,580,576 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2011/02/17 09:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/12/22 11:09:26 | 000,111,360 | ---- | M] (PrintFleet Inc) [Auto | Running] -- C:\Program Files (x86)\Local Print Agent\Local Print Agent.exe -- (Local Print Agent)
SRV - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/26 08:49:26 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcccoms.exe -- (lxcc_device)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/01/29 21:07:00 | 000,647,624 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,289,952 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,229,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,160,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/01/29 21:07:00 | 000,100,944 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/16 18:26:58 | 000,087,632 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012/07/16 18:19:32 | 000,141,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 15:52:28 | 000,071,016 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MfeEEAlg.sys -- (MfeEEAlg)
DRV:64bit: - [2011/08/31 21:07:00 | 000,086,368 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2011/08/15 17:51:40 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/08/15 17:51:40 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/08/15 17:51:40 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/08/15 17:51:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/08/15 17:51:40 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 15:42:42 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/06/05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/10 14:05:48 | 000,038,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/05/10 02:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/04/05 00:36:46 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/23 13:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011/03/19 06:25:46 | 000,054,824 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV_Tracker64.sys -- (LV_Tracker)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 01:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/03 14:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 13:49:10 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010/11/11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/28 07:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/21 13:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009/12/17 00:46:36 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/11 15:59:58 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/08/16 09:48:32] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2007/09/04 16:53:34 | 000,071,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys -- (VSPerfDrv90)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 76 BA 71 6D 66 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\sthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\sthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\sthomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/28 19:43:51 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [LXCCCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCCtime.DLL ()
O4:64bit: - HKLM..\Run: [lxccmon.exe] C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\McAfee\Endpoint Encryption for PC v6\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 40
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: mii.com ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: mii.com ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: mii.com ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: mii.com ([admin] * in Trusted sites)
O15:64bit: - ..Trusted Domains: mii.com ([intranet] http in Local intranet)
O15:64bit: - ..Trusted Domains: mii.com ([www] * in Trusted sites)
O15:64bit: - ..Trusted Domains: mitek.ca ([www] * in Trusted sites)
O15:64bit: - ..Trusted Domains: [email protected] ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mii.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: mii.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mii.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mii.com ([admin] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mii.com ([intranet] http in Local intranet)
O15 - HKCU\..Trusted Domains: mii.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mitek.ca ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: [email protected] ([]* in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {338095E4-1806-4BA3-AB51-38A3179200E9} http://labmanager/La.../vmware-mks.cab (QuickMksAxCtl Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.mii....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mii.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143589B6-5B45-4102-865B-331F37D8765D}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ECFED2C-7209-4DD4-9552-B05A72FAB99B}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E588FAB0-9737-4D4D-B18C-CB19AE8AA84B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADCFAB8-0787-4B3C-ACC9-BEB452B03A51}: DhcpNameServer = 10.1.2.1 10.2.2.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/28 07:49:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/28 19:43:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/28 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Roaming\Google
[2013/03/28 16:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/03/28 16:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/03/28 16:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/28 16:09:34 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Google
[2013/03/28 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/28 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\adobe flash
[2013/03/28 11:58:25 | 000,000,000 | ---D | C] -- C:\OTL
[2013/03/28 07:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/28 07:48:18 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\SpyHunter-Installer.exe
[2013/03/25 08:35:21 | 000,000,000 | ---D | C] -- C:\TRE Compare2
[2013/03/18 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\sthomas\Desktop\hotfixes 741
[2013/03/15 15:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/13 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Mozilla
[2013/03/13 08:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/12 13:49:26 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Programs
[2013/03/12 13:48:59 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Roaming\Malwarebytes
[2013/03/12 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/12 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/12 13:48:05 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sthomas\Desktop\Malwarebytes-setup-1.65.0.1400.exe
[2013/03/12 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\sthomas\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2013/03/28 19:59:56 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 19:59:56 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/28 19:59:35 | 000,002,279 | ---- | M] () -- C:\Users\sthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/28 19:53:49 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/03/28 19:52:32 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 19:50:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/28 19:43:51 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/28 19:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/28 19:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 16:20:16 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/28 11:57:09 | 000,001,110 | ---- | M] () -- C:\Windows\MiiLink.ini
[2013/03/28 11:18:43 | 000,078,740 | ---- | M] () -- C:\Users\sthomas\Desktop\popups.jpg
[2013/03/28 07:49:57 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/28 07:48:18 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\SpyHunter-Installer.exe
[2013/03/28 00:34:28 | 006,533,632 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysNative\cdintf450_64.dll
[2013/03/28 00:34:28 | 004,833,792 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf450.dll
[2013/03/26 08:34:21 | 000,012,626 | RHS- | M] () -- C:\Users\sthomas\ntuser.pol
[2013/03/26 08:32:56 | 000,066,872 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/22 15:47:03 | 000,002,020 | -H-- | M] () -- C:\Users\sthomas\Documents\Default.rdp
[2013/03/15 17:17:38 | 001,219,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/15 17:17:38 | 000,970,496 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/15 17:17:38 | 000,239,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/13 11:48:49 | 000,000,038 | ---- | M] () -- C:\Windows\tablemnt.ini
[2013/03/07 19:03:19 | 000,060,864 | ---- | M] () -- C:\Users\sthomas\g2mdlhlpx.exe
[2013/03/01 14:40:59 | 000,213,315 | ---- | M] () -- C:\Users\sthomas\Desktop\WST Claim.pdf

========== Files Created - No Company Name ==========

[2013/03/28 16:09:48 | 000,002,279 | ---- | C] () -- C:\Users\sthomas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/28 16:09:48 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/28 16:09:37 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 16:09:37 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 11:17:01 | 000,078,740 | ---- | C] () -- C:\Users\sthomas\Desktop\popups.jpg
[2013/03/28 07:49:57 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/07 19:03:18 | 000,060,864 | ---- | C] () -- C:\Users\sthomas\g2mdlhlpx.exe
[2013/03/01 14:40:59 | 000,213,315 | ---- | C] () -- C:\Users\sthomas\Desktop\WST Claim.pdf
[2012/02/24 16:12:47 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccinpa.dll
[2012/02/24 16:12:47 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcciesc.dll
[2012/02/24 16:12:47 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcccomx.dll
[2012/02/24 16:12:47 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxccinst.dll
[2012/02/24 16:12:46 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccserv.dll
[2012/02/24 16:12:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccusb1.dll
[2012/02/24 16:12:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccpmui.dll
[2012/02/24 16:12:46 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccppls.exe
[2012/02/24 16:12:46 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccprox.dll
[2012/02/24 16:12:46 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccpplc.dll
[2012/02/24 16:12:45 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcchbn3.dll
[2012/02/24 16:12:45 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccomc.dll
[2012/02/24 16:12:45 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcclmpm.dll
[2012/02/24 16:12:45 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccoms.exe
[2012/02/24 16:12:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccomm.dll
[2012/02/24 16:12:45 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxccih.exe
[2012/02/24 16:12:45 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcccfg.exe
[2012/02/15 11:25:28 | 000,015,266 | ---- | C] () -- C:\Windows\mitek.ini
[2011/09/29 09:54:45 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\u2lsamp1.dll
[2011/09/29 09:54:44 | 000,748,160 | ---- | C] () -- C:\Windows\SysWow64\CO2C40EN.DLL
[2011/09/29 09:54:44 | 000,018,944 | ---- | C] ( ) -- C:\Windows\SysWow64\IMPLODE.DLL
[2011/09/28 10:40:04 | 000,000,082 | ---- | C] () -- C:\Windows\miisec.ini
[2011/09/21 11:16:45 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/07 15:01:15 | 000,000,274 | ---- | C] () -- C:\Windows\mi2cdb.ini
[2011/09/07 15:01:15 | 000,000,038 | ---- | C] () -- C:\Windows\tablemnt.ini
[2011/09/07 14:28:07 | 000,000,095 | ---- | C] () -- C:\Users\sthomas\AppData\Local\fusioncache.dat
[2011/09/06 11:29:02 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\behami.DLL
[2011/09/01 15:55:31 | 000,001,110 | ---- | C] () -- C:\Windows\MiiLink.ini
[2011/08/29 11:08:30 | 000,012,626 | RHS- | C] () -- C:\Users\sthomas\ntuser.pol
[2011/08/27 00:08:05 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011/08/27 00:07:25 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/08/26 17:44:50 | 000,066,872 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/19 10:49:05 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/19 10:43:15 | 001,212,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 17:22:31 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2011/08/15 16:55:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/15 16:55:29 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/15 16:55:28 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/15 16:55:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/15 16:55:24 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/15 16:37:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2011/08/15 16:37:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/13 10:39:38 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\Accellion
[2011/08/21 03:19:41 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\Attrice Corporation
[2011/09/01 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\ICAClient
[2013/02/08 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\MiTek
[2013/01/04 10:56:53 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\nView_Wallpaper
[2011/11/01 12:07:59 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\Scooter Software
[2012/06/11 15:01:21 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\Wave Systems Corp
[2013/01/24 17:11:15 | 000,000,000 | ---D | M] -- C:\Users\sthomas\AppData\Roaming\webex

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/01/09 16:45:30 | 000,000,003 | ---- | M] ()(C:\Windows\SysNative\?6) -- C:\Windows\SysNative\닐6
[2013/01/09 09:43:09 | 000,000,003 | ---- | C] ()(C:\Windows\SysNative\?6) -- C:\Windows\SysNative\닐6

< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that the popups have disappeared
  • 0

#5
Mozeta

Mozeta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, they seem to have stopped. Not sure how you did it when all those other things I tried didn't work. Thank you so very much.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your host file was replaced with a hijacked one ..

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

First update windows to Service pack 1 and IE10

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP