Computer won't let me download [Solved]



#1
GEEgee57

  • Member
  • 79 posts
ok, virus was in computer...any program to kill it was saying it was infected and deleted....downloaded MBAM to flashdrive...scanned, still didn't kill virus 100%.....ran TDSSKiller no results.....finally ran ComboFix.....seems to be gone..........not sure how to read ComboFix log......all these were done by flashdrive. MBAM is still on desktop, ran it quick and full says cannot detect any viruses......computer doesn't allow downloads .....please help....thank you


#2
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now! It isn't always a quick & easy fix to remove malware but if you'll stick with me, I'll stick with you until your computer is clean. Throughout this process you may want to print instructions in case you lose internet access unless you have another way to access them aside from the infected computer. Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)

Let's get a look at what's going on. Since you have been able to download other programs to a flashdrive, download OTL and copy the following information to a notepad and save them both on the flashdrive.
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT

  • Copy OTL to your desktop.
  • Double click on the icon to run it.
  • Please check the box next to Scan All Users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the information I asked you to copy to the notepad file.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3
GEEgee57

  • Topic Starter
  • Member
  • 79 posts
OTL logfile created on: 5/22/2013 11:32:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.26% Memory free
5.98 Gb Paging File | 4.36 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 117.40 Gb Free Space | 39.40% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.84 Gb Free Space | 98.80% Space Free | Partition Type: FAT

Computer Name: ANTHONYS-PC | User Name: anthony's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/22 08:16:21 | 000,126,976 | ---- | M] () -- C:\Users\anthony's\AppData\Roaming\skypePM\WINC9B4.exe
PRC - [2013/05/15 12:38:24 | 001,298,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/23 02:28:51 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\UtilityChest_49\bar\1.bin\49barsvc.exe
PRC - [2013/03/23 02:28:51 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe
PRC - [2013/02/13 19:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
PRC - [2013/02/13 19:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files\SAMSUNG\Kies\Kies.exe
PRC - [2013/02/06 05:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\SAMSUNG\Kies\KiesAirMessage.exe
PRC - [2013/02/01 06:30:12 | 001,705,608 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\Inbox Toolbar\Inbox.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 18:15:22 | 001,523,712 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2012/10/05 16:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/04/25 17:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\waol.exe
PRC - [2011/04/25 17:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\shellmon.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/26 17:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/10/25 15:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010/10/25 15:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/24 14:35:02 | 002,459,192 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1294466277\ee\aolsoftware.exe
PRC - [2009/11/04 19:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/12/31 15:46:20 | 000,286,720 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/22 08:16:21 | 000,126,976 | ---- | M] () -- C:\Users\anthony's\AppData\Roaming\skypePM\WINC9B4.exe
MOD - [2013/05/21 03:20:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/21 03:20:38 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\33125250f48dd834dde012979858b39f\System.Deployment.ni.dll
MOD - [2013/05/21 03:20:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/21 03:20:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/15 03:14:09 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1770f4fb3b437d05badf13679e8ff0bd\System.ServiceModel.Routing.ni.dll
MOD - [2013/05/15 03:14:08 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6f750662bfef47bb20c17230472d8e7f\System.ServiceModel.Discovery.ni.dll
MOD - [2013/05/15 03:14:07 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d30d2f75af7cdf3880c1b5d1a2622d81\System.ServiceModel.Channels.ni.dll
MOD - [2013/05/15 03:13:56 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\950a487ee233b20ac56f1e2fbe7b29f6\System.ServiceModel.Activities.ni.dll
MOD - [2013/05/15 03:13:54 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ce2164d32e319ee1d047119316c19557\System.IdentityModel.ni.dll
MOD - [2013/05/15 03:13:52 | 018,123,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\35f10af8371c9953294e6bdc86b5458b\System.ServiceModel.ni.dll
MOD - [2013/05/15 03:13:31 | 001,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b24c65edc1e2688b3f42830b0c620492\System.ServiceModel.Web.ni.dll
MOD - [2013/05/15 03:11:25 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\8d615f862df4bbbce1e8db9d54e3f394\DevicePodcast.ni.dll
MOD - [2013/05/15 03:11:23 | 000,299,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\eddd2c10f7f26c7d9bc829d58a242107\DeviceVideo.ni.dll
MOD - [2013/05/15 03:11:22 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\ab17b49c15978762fa850b26cbf40381\DevicePhoto.ni.dll
MOD - [2013/05/15 03:11:21 | 000,305,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\d99262faddfef2aa5a9ebc3e3c8ec32a\DeviceMusic.ni.dll
MOD - [2013/05/15 03:11:20 | 000,473,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\42181272db5142f8c30b840f9e332f74\VideoManager.ni.dll
MOD - [2013/05/15 03:11:18 | 000,776,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\e0814673978d88e7ef315affeea8306a\PhotoManager.ni.dll
MOD - [2013/05/15 03:11:16 | 001,929,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\06fb33fe1cebe31db02a7eac1a0eff14\Phonebook.ni.dll
MOD - [2013/05/15 03:11:12 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\acf17db7e1bedb24137cf5762b5e0bbe\MusicManager.ni.dll
MOD - [2013/05/15 03:11:10 | 000,403,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\c3454a3e90594f92a4f72e1f3ef5b79b\BATPlugin.ni.dll
MOD - [2013/05/15 03:11:05 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\3a2e264f8b8bf90827c54222d425a119\Kies.Common.MediaDB.ni.dll
MOD - [2013/05/15 03:11:04 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\271b23fa48ab76fec3869dfd4ea08bf4\Kies.Common.AllShare.ni.dll
MOD - [2013/05/15 03:11:03 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\9f9c16840f99762681d5d22b513d9d16\Kies.Common.DBManager.ni.dll
MOD - [2013/05/15 03:11:02 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\24406f57b2cb550f87abd0550114e270\Kies.Common.MainUI.ni.dll
MOD - [2013/05/15 03:11:01 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\99c314ad36cb327c59650b7dd4fcc8b8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/05/15 03:11:00 | 000,572,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ebb02b742bfeaea2f90a1aa3d99c37bb\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/05/15 03:10:59 | 001,098,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\79b19561e6e7dbe53b4de73806587710\Kies.Common.DeviceService.ni.dll
MOD - [2013/05/15 03:10:56 | 001,138,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\2e03016472dc796c1019d0bd36f97f06\Podcaster.ni.dll
MOD - [2013/05/15 03:10:52 | 000,732,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\316826735a887022bed5d0f8356c3a8a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/05/15 03:10:41 | 000,926,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c16c6f9947a9e8252dea5c6029aa6150\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/05/15 03:10:37 | 002,209,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\1186a79a1a50b9457dd18371fa291f75\Kies.Common.Multimedia.ni.dll
MOD - [2013/05/15 03:10:33 | 000,628,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\718b3bb48bb3216ad901c16c4c548239\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/05/15 03:10:25 | 006,797,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\3dc0083c87f0f44adde05b180aea3209\DeviceHost.ni.dll
MOD - [2013/05/15 03:10:15 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\c3080b42764ab8ddebed6db271335002\Kies.Common.Util.ni.dll
MOD - [2013/05/15 03:10:14 | 001,928,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\23211ec645a6c9ef85d69795920f3e8f\Kies.UI.ni.dll
MOD - [2013/05/15 03:10:11 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/05/15 03:10:10 | 001,246,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\ba1f218cdc4b19c824a8e8159fb4ed92\Kies.Interface.ni.dll
MOD - [2013/05/15 03:09:42 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\2bb04ca46f8374826e4e6cafae120aa1\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 03:09:41 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c9508bbbee390fa5c287a84d1a88d7d9\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 03:09:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\3801a5e161089434ffe30b9350881308\System.Xml.Linq.ni.dll
MOD - [2013/05/15 03:09:36 | 002,115,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\3de72d3e20498c62099e85da7fd44b3c\Kies.ni.exe
MOD - [2013/05/15 03:06:38 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013/05/15 03:06:25 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013/05/15 03:06:21 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll
MOD - [2013/05/15 03:06:18 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013/05/15 03:06:09 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013/05/15 03:06:03 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013/03/18 08:10:10 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\17b4a6296ab10e2cf9a1a54a73a13ec4\System.WorkflowServices.ni.dll
MOD - [2013/03/18 07:39:43 | 017,357,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\0f4155c806e86a023b835d9070774f89\Kies.Theme.ni.dll
MOD - [2013/03/18 07:39:41 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1b6f3c9a32cd1976fb79b2445e586939\DummyStorePlugin.ni.dll
MOD - [2013/03/18 07:39:13 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\3c6667cbc29155082e58137643a1dff1\Kies.Common.StoreManager.ni.dll
MOD - [2013/03/18 07:39:12 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013/03/18 07:39:09 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\657f2c28fc2068324d9b0f1d9d596361\Kies.Common.CRMManager.ni.dll
MOD - [2013/03/18 07:39:07 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll
MOD - [2013/03/18 07:39:05 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9a1d52e92dab2e5f906e4edae93b8b8c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/03/18 07:39:04 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\fa06b799153f9c28c1866319b3db5580\Interop.DevFileServiceLib.ni.dll
MOD - [2013/03/18 07:38:18 | 000,040,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d77da7b6668e27f63af7da941e221304\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/03/18 07:38:01 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013/03/18 07:38:01 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/03/18 07:38:01 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/03/18 07:38:00 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/03/18 07:38:00 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\29e8db641e3708219f13d2a3b7528278\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/03/18 07:37:52 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\ed97f510e91aff4e4f00987ec1fb8b70\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013/03/18 07:37:51 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ec1f5148809454e7dd63148636a05b2\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/03/18 07:37:30 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013/03/18 07:37:28 | 001,599,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\5cf4d41e6de5af4c27e7b66b172f73df\Kies.Locale.ni.dll
MOD - [2013/03/18 07:37:28 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013/03/18 07:37:27 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\48c087dd6e18fcbd057e0b1dd6cfa2fd\Kies.MVVM.ni.dll
MOD - [2013/03/18 07:37:01 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013/03/18 07:36:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013/03/18 07:35:45 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a9ecbe8beef8c04f60f9127ec6599abf\SMDiagnostics.ni.dll
MOD - [2013/03/18 07:35:32 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013/03/18 07:26:05 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013/03/18 07:25:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013/03/18 07:25:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013/03/18 07:25:40 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013/03/18 07:25:30 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013/02/14 04:25:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:24:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/09 04:31:23 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 04:26:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:26:14 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/09 04:26:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 04:25:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 04:25:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 04:25:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/10 18:21:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\DrmHelper.dll
MOD - [2012/10/10 18:20:24 | 002,093,056 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\STBServer.dll
MOD - [2012/10/10 18:19:50 | 007,344,128 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\VaultMediaClient.dll
MOD - [2012/10/10 18:17:38 | 001,380,352 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\CoreApp.dll
MOD - [2012/10/10 18:16:58 | 001,232,896 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\VideoTranscoder.dll
MOD - [2012/10/10 18:15:22 | 001,523,712 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
MOD - [2012/10/10 18:14:56 | 000,286,720 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\AudioTranscoder.dll
MOD - [2012/10/10 18:14:46 | 002,449,408 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Core.dll
MOD - [2012/10/10 18:11:52 | 000,307,200 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\id3lib.dll
MOD - [2012/10/10 18:11:52 | 000,217,088 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\RSAEncrypt.dll
MOD - [2011/09/24 19:58:22 | 001,502,552 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-292394957-402572938-3920472687-1001\Indiv01.key
MOD - [2011/09/07 12:39:34 | 000,066,664 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\3ivx\libfaac.dll
MOD - [2011/04/25 17:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6b\zlib.dll
MOD - [2010/10/25 15:36:22 | 000,119,864 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2006/11/08 15:58:38 | 000,449,280 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\fpxlib.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/05/17 02:13:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/23 02:28:51 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\UtilityChest_49\bar\1.bin\49barsvc.exe -- (UtilityChest_49Service)
SRV - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/12/21 04:04:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/26 17:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/10/25 15:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ANTHON~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/05/19 19:37:40 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/06 07:42:08 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/06/24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/07 17:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/01/13 01:33:38 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/24 16:53:40 | 001,170,304 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA706.sys -- (AVerA706)
DRV - [2009/07/13 19:51:24 | 000,026,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonydcam.sys -- (sonydcam)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/02/19 15:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/05/28 13:54:38 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/05/28 13:54:38 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 10:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/10 17:59:44 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)
DRV - [2007/08/23 08:29:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/08/23 08:29:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/08/23 08:29:46 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/08/03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/28 11:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 11:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=29-05-2011
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\anthony's\Documents\Vuze Downloads
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://searchservice...q={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{43CA9FCE-CC2A-4DA3-968B-20624ACC1CA5}: "URL" = http://search.condui...499100741768276
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=29-05-2011
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{54B7D308-B001-4C6A-BAC8-1A7D1E8D6128}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...n=2.5.15001.521
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{BF5F9A54-B026-40D7-B22A-8647AA51BEBF}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=241&lng=en
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/02/09 01:13:03 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/05/20 12:04:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Search Assistant BHO) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1294466277\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TimeServer] C:\Users\anthony's\AppData\Roaming\skypePM\WINC9B4.exe ()
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Utility Chest Search Scope Monitor] C:\Program Files\UtilityChest_49\bar\1.bin\49SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [UtilityChest_49 Browser Plugin Loader] C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6b\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O4 - Startup: C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://www.mydlink..../camclictrl.cab (Camera Stream Client Control Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ABD02CB-7F71-4374-94F6-EFD8A6737B9F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/21 03:01:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/21 03:01:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/21 03:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/21 03:01:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/21 03:01:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/21 03:01:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/21 03:01:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/21 03:01:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/20 17:12:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/20 17:12:17 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/20 17:11:59 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/20 17:11:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/20 17:11:51 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/20 12:04:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/20 11:51:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/20 11:51:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/20 11:51:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/20 11:51:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/20 11:51:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/19 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2013/05/19 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze Remote Toolbar
[2013/05/19 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/05/19 19:38:00 | 000,000,000 | ---D | C] -- C:\Users\anthony's\AppData\Roaming\Malwarebytes
[2013/05/19 19:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/19 19:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/19 19:37:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/19 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/17 01:58:48 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/05/17 01:21:12 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 01:21:12 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/16 15:47:46 | 000,000,000 | ---D | C] -- C:\NBRT
[2013/05/10 01:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2013/05/10 00:40:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Verizon_Android
[2013/05/07 07:44:41 | 000,000,000 | ---D | C] -- C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/29 01:57:57 | 000,000,000 | ---D | C] -- C:\Users\anthony's\AppData\Roaming\vlc
[2011/05/23 04:47:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\anthony's\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/22 11:33:47 | 000,326,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/22 11:33:47 | 000,045,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/22 11:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 10:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 08:36:26 | 000,015,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 08:36:26 | 000,015,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 08:13:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 04:08:12 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/05/22 04:07:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/22 04:07:53 | 1617,280,647 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/22 04:07:50 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 03:19:35 | 000,292,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/20 12:04:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/20 11:35:14 | 000,001,367 | ---- | M] () -- C:\Users\anthony's\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/19 21:41:54 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/05/19 21:41:54 | 000,001,754 | ---- | M] () -- C:\Users\anthony's\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/05/19 19:37:58 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 19:37:40 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/17 02:13:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 02:13:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 01:57:01 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/22 04:07:53 | 1617,280,647 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/20 11:51:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/20 11:51:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/20 11:51:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/20 11:51:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/20 11:51:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/19 19:37:58 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 19:37:40 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/17 01:21:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 07:44:41 | 000,001,373 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/29 01:57:01 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/01/21 01:19:32 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2013/01/21 01:19:32 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2013/01/09 02:27:15 | 000,127,744 | ---- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2012/11/07 01:14:05 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/01/10 17:23:31 | 001,237,200 | ---- | C] () -- C:\Windows\System32\DcsCliCtrl.dll
[2011/12/24 00:36:02 | 000,010,068 | -HS- | C] () -- C:\Users\anthony's\AppData\Local\ofl8br2sh1704f74n2enxlo7ywh501
[2011/12/24 00:36:02 | 000,010,068 | -HS- | C] () -- C:\ProgramData\ofl8br2sh1704f74n2enxlo7ywh501
[2011/07/10 11:22:18 | 000,000,000 | ---- | C] () -- C:\Users\anthony's\AppData\Local\{C10DF118-4E4D-4F74-A25A-BB4E9082CE9B}
[2011/07/01 07:03:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/01 07:02:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/23 04:48:59 | 000,001,057 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\vso_ts_preview.xml
[2011/05/23 04:47:00 | 000,087,608 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\inst.exe
[2011/05/23 04:47:00 | 000,007,887 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\pcouffin.cat
[2011/05/23 04:47:00 | 000,001,144 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\pcouffin.inf
[2011/04/09 09:07:57 | 000,213,187 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\MMUpgrade.jpg
[2011/01/06 21:28:13 | 000,033,280 | ---- | C] () -- C:\Users\anthony's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/01 16:52:13 | 000,000,017 | ---- | C] () -- C:\Users\anthony's\AppData\Local\resmon.resmoncfg
[2010/12/24 18:44:18 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 00:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 08:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 17:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 00:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 08:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 12:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 06:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 01:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 08:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 01:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 08:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 08:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 00:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 08:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 08:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 08:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 08:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 08:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 08:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 08:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 08:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2013/02/01 01:42:20 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 17:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 22:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.LOG >
[2011/05/28 09:23:29 | 000,058,372 | ---- | M] () MD5=F8E389A7CDD24FCDB764E3ECE91792BE -- C:\ProgramData\HP\Installer\Temp\services.log
[2011/05/28 09:23:29 | 000,058,372 | ---- | M] () MD5=F8E389A7CDD24FCDB764E3ECE91792BE -- C:\Users\All Users\HP\Installer\Temp\services.log

< MD5 for: SERVICES.MOF >
[2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 17:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 16:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 06D5-44EA
Directory of C:\
07/14/2009 12:53 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender
07/14/2009 12:56 AM <SYMLINKD> en-US [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:14 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
11/20/2010 08:19 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:06 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:14 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 08:19 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:07 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 2,930,176 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile
01/03/2013 11:29 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/03/2013 11:29 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local
01/03/2013 11:29 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/03/2013 11:29 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/03/2013 11:29 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:53 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\anthony's
12/18/2010 02:07 PM <JUNCTION> Application Data [C:\Users\anthony's\AppData\Roaming]
12/18/2010 02:07 PM <JUNCTION> Cookies [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Cookies]
12/18/2010 02:07 PM <JUNCTION> Local Settings [C:\Users\anthony's\AppData\Local]
12/18/2010 02:07 PM <JUNCTION> My Documents [C:\Users\anthony's\Documents]
12/18/2010 02:07 PM <JUNCTION> NetHood [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/18/2010 02:07 PM <JUNCTION> PrintHood [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/18/2010 02:07 PM <JUNCTION> Recent [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Recent]
12/18/2010 02:07 PM <JUNCTION> SendTo [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\SendTo]
12/18/2010 02:07 PM <JUNCTION> Start Menu [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu]
12/18/2010 02:07 PM <JUNCTION> Templates [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\anthony's\AppData\Local
12/18/2010 02:07 PM <JUNCTION> Application Data [C:\Users\anthony's\AppData\Local]
12/18/2010 02:07 PM <JUNCTION> History [C:\Users\anthony's\AppData\Local\Microsoft\Windows\History]
12/18/2010 02:07 PM <JUNCTION> Temporary Internet Files [C:\Users\anthony's\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\anthony's\Documents
12/18/2010 02:07 PM <JUNCTION> My Music [C:\Users\anthony's\Music]
12/18/2010 02:07 PM <JUNCTION> My Pictures [C:\Users\anthony's\Pictures]
12/18/2010 02:07 PM <JUNCTION> My Videos [C:\Users\anthony's\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:53 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:53 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:53 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:53 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:53 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:53 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
10/10/2012 01:54 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
10/10/2012 01:54 AM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
10/10/2012 01:54 AM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
10/10/2012 01:54 AM <JUNCTION> My Documents [C:\Users\Guest\Documents]
10/10/2012 01:54 AM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/10/2012 01:54 AM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/10/2012 01:54 AM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
10/10/2012 01:54 AM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
10/10/2012 01:54 AM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
10/10/2012 01:54 AM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
10/10/2012 01:54 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
10/10/2012 01:54 AM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
10/10/2012 01:54 AM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
10/10/2012 01:54 AM <JUNCTION> My Music [C:\Users\Guest\Music]
10/10/2012 01:54 AM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
10/10/2012 01:54 AM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/03/2013 11:29 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/03/2013 11:29 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/03/2013 11:29 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/03/2013 11:29 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/03/2013 11:29 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4
07/13/2009 09:06 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 File(s) 52,224 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0
07/13/2009 09:15 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 09:14 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
11/20/2010 08:19 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 09:14 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 08:19 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 09:07 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 09:15 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
11 File(s) 2,877,952 bytes
Total Files Listed:
24 File(s) 5,860,352 bytes
76 Dir(s) 125,913,047,040 bytes free

< End of report >

#4
GEEgee57

  • Topic Starter
  • Member
  • 79 posts
Sorry, I saw "one at a time" after I already pasted this.

#5
GEEgee57

  • Topic Starter
  • Member
  • 79 posts
I didn't post the extras.txt yet.

#6
GEEgee57

  • Topic Starter
  • Member
  • 79 posts
OTL Extras logfile created on: 5/22/2013 11:32:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.26% Memory free
5.98 Gb Paging File | 4.36 Gb Available in Paging File | 72.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 117.40 Gb Free Space | 39.40% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.84 Gb Free Space | 98.80% Space Free | Partition Type: FAT

Computer Name: ANTHONYS-PC | User Name: anthony's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{E92BBCD6-D46E-4A4A-80CB-6A1EAA1D2B6E}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |
"UDP Query User{F4B04ED7-5A6E-46BA-986F-425E2CCE1ED6}C:\program files\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files\verizon\verizon media manager\release\verizon media manager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EF6F0AE-5471-44BF-9809-B6FAD9D04478}" = Angry Birds Star Wars
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48A4AB80-3D19-47FD-9EE5-5641210BC79D}" = Vuze Remote Toolbar v7.1
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{924C3473-1138-4547-ADE3-B78954A806A9}" = PowerArchiver 2010
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{93A038DC-5F4C-4463-9847-E184E74951B6}" = Digital Cable Advisor
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F97B750E-554D-4194-BF3F-41EA91389E10}" = ArcSoft TotalMedia Extreme
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AviSynth" = AviSynth 2.5
"cineMobile iPhone & Android 2012" = cineMobile iPhone & Android
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Logitech Unifying" = Logitech Unifying Software 2.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SolarApp" = Logitech Solar App 1.0
"TVWiz" = Intel® TV Wizard
"UtilityChest_49bar Uninstall" = Utility Chest Toolbar
"Verizon Media Manager" = Verizon Media Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.0
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2013 12:20:02 AM | Computer Name = anthonys-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 5/17/2013 1:44:42 AM | Computer Name = anthonys-PC | Source = VSS | ID = 8193
Description =

Error - 5/17/2013 1:44:42 AM | Computer Name = anthonys-PC | Source = System Restore | ID = 8193
Description =

Error - 5/19/2013 10:13:36 PM | Computer Name = anthonys-PC | Source = Application Error | ID = 1000
Description = Faulting application name: twunk_32.exe, version: 1.7.1.0, time stamp:
0x4a5bcdf0 Faulting module name: MSHTML.dll, version: 10.0.9200.16540, time stamp:
0x5125ef5c Exception code: 0xc0000005 Fault offset: 0x0042f27a Faulting process id:
0xdb8 Faulting application start time: 0x01ce54feea642f04 Faulting application path:
C:\Windows\twunk_32.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report
Id: e0479bd6-c0f2-11e2-ab20-00038a000015

Error - 5/19/2013 10:35:57 PM | Computer Name = anthonys-PC | Source = Application Error | ID = 1000
Description = Faulting application name: twunk_32.exe, version: 1.7.1.0, time stamp:
0x4a5bcdf0 Faulting module name: MSHTML.dll, version: 10.0.9200.16540, time stamp:
0x5125ef5c Exception code: 0xc0000005 Fault offset: 0x0042f27a Faulting process id:
0x840 Faulting application start time: 0x01ce550244e30bd9 Faulting application path:
C:\Windows\twunk_32.exe Faulting module path: C:\Windows\system32\MSHTML.dll Report
Id: ffb4f87a-c0f5-11e2-ab20-00038a000015

Error - 5/20/2013 10:39:37 AM | Computer Name = anthonys-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Spigot\Search Settings\SearchSettings64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/20/2013 10:40:18 AM | Computer Name = anthonys-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Vuze\Azureus64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/21/2013 3:49:30 AM | Computer Name = anthonys-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Spigot\Search Settings\SearchSettings64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/21/2013 3:50:12 AM | Computer Name = anthonys-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Vuze\Azureus64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2013 12:30:14 AM | Computer Name = anthonys-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Spigot\Search Settings\SearchSettings64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/22/2013 12:30:54 AM | Computer Name = anthonys-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Vuze\Azureus64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 12/5/2012 5:03:36 PM | Computer Name = anthonys-PC | Source = MCUpdate | ID = 0
Description = 4:03:36 PM - Error connecting to the internet. 4:03:36 PM - Unable
to contact server..

Error - 12/5/2012 5:04:50 PM | Computer Name = anthonys-PC | Source = MCUpdate | ID = 0
Description = 4:04:06 PM - Error connecting to the internet. 4:04:06 PM - Unable
to contact server..

Error - 12/5/2012 6:05:39 PM | Computer Name = anthonys-PC | Source = MCUpdate | ID = 0
Description = 5:05:39 PM - Error connecting to the internet. 5:05:39 PM - Unable
to contact server..

Error - 12/5/2012 6:06:40 PM | Computer Name = anthonys-PC | Source = MCUpdate | ID = 0
Description = 5:06:09 PM - Error connecting to the internet. 5:06:09 PM - Unable
to contact server..

Error - 1/4/2013 12:58:00 PM | Computer Name = anthonys-PC | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) AVerMedia BDA ATSC Tuner

Error - 1/4/2013 9:58:00 PM | Computer Name = anthonys-PC | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) AVerMedia BDA ATSC Tuner

Error - 1/7/2013 12:07:18 AM | Computer Name = anthonys-PC | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) AVerMedia BDA ATSC Tuner

Error - 1/7/2013 12:08:46 AM | Computer Name = anthonys-PC | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) AVerMedia BDA ATSC Tuner

Error - 1/7/2013 12:15:26 AM | Computer Name = anthonys-PC | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) AVerMedia BDA ATSC Tuner

Error - 1/14/2013 3:10:33 PM | Computer Name = anthonys-PC | Source = MCUpdate | ID = 0
Description = 2:10:22 PM - Error connecting to the internet. 2:10:22 PM - Unable
to contact server..

[ System Events ]
Error - 5/22/2013 3:01:32 AM | Computer Name = anthonys-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 5/22/2013 3:01:32 AM | Computer Name = anthonys-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 5/22/2013 3:01:32 AM | Computer Name = anthonys-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 5/22/2013 3:01:32 AM | Computer Name = anthonys-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 5/22/2013 3:02:02 AM | Computer Name = anthonys-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 5/22/2013 4:08:00 AM | Computer Name = anthonys-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:05:29 AM on ?5/?22/?2013 was unexpected.

Error - 5/22/2013 4:08:06 AM | Computer Name = anthonys-PC | Source = BugCheck | ID = 1001
Description =

Error - 5/22/2013 4:08:12 AM | Computer Name = anthonys-PC | Source = Service Control Manager | ID = 7000
Description = The IHA_MessageCenter service failed to start due to the following
error: %%2

Error - 5/22/2013 4:08:13 AM | Computer Name = anthonys-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error: %%5

Error - 5/22/2013 8:32:09 AM | Computer Name = anthonys-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.151.543.0).


< End of report >

#7
Jasmyne

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Vuze
BitTorrent


Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.
----------------------------
Now that's out of the way, let's get started :)


Step 1 Batch File

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start button and in the search box, type Notepad and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpClient.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpCommu.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpOAV.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpRTP.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpSvc.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MSASCui.exe"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4\MpEvMsg.dll"
    CD \
    DIR /S /A:L > %USERPROFILE%\Desktop\JunctionPoints.txt
    START JunctionPoints.txt
    EXIT
  • Go to File > Save As... and save it to your flashdrive named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Copy fix.bat on your flashdrive and then to the desktop of the infected computer and right click then select Run as administrator

Please copy the contents of JunctionPoints.txt on your desktop to your next post.

Step 2 OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:OTL
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=29-05-2011
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\URLSearchHook: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - No CLSID value found
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{43CA9FCE-CC2A-4DA3-968B-20624ACC1CA5}: "URL" = http://search.condui...499100741768276
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=29-05-2011
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=241&lng=en
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Search Assistant BHO) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TimeServer] C:\Users\anthony's\AppData\Roaming\skypePM\WINC9B4.exe ()
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [Utility Chest Search Scope Monitor] C:\Program Files\UtilityChest_49\bar\1.bin\49SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [UtilityChest_49 Browser Plugin Loader] C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe (VER_COMPANY_NAME)
[2013/05/19 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze Remote Toolbar
[2013/05/19 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/12/24 00:36:02 | 000,010,068 | -HS- | C] () -- C:\Users\anthony's\AppData\Local\ofl8br2sh1704f74n2enxlo7ywh501
[2011/12/24 00:36:02 | 000,010,068 | -HS- | C] () -- C:\ProgramData\ofl8br2sh1704f74n2enxlo7ywh501

:Commands
[emptytemp]

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 3 Run AdwCleaner
  • Download AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete

  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. JunctionPoints.txt
2. OTL Fix
3. New OTL Log
4. adwCleaner Log
5. How is your computer running now?

#8
GEEgee57

after i did fix.bat...........ran as administrator.....it says windows cannot find file junction points.txt....make sure file is correct and try again

#9
Jasmyne

Go ahead and continue with the next two steps in the previous post and then we will check to see if the batch file did its job. :)

#10
GEEgee57

ok i try now thanks


#11
GEEgee57

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ deleted successfully.
File move failed. C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\ not found.
Registry key HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\ deleted successfully.
HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\SearchScopes\{43CA9FCE-CC2A-4DA3-968B-20624ACC1CA5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43CA9FCE-CC2A-4DA3-968B-20624ACC1CA5}\ not found.
Registry key HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ not found.
File move failed. C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}\ deleted successfully.
File move failed. C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
C:\Program Files\Inbox Toolbar\Inbox.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ not found.
File move failed. C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_USERS\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer deleted successfully.
C:\Users\anthony's\AppData\Roaming\skypePM\WINC9B4.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InboxToolbar deleted successfully.
C:\Program Files\Inbox Toolbar\Inbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Utility Chest Search Scope Monitor deleted successfully.
C:\Program Files\UtilityChest_49\bar\1.bin\49SrchMn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UtilityChest_49 Browser Plugin Loader deleted successfully.
C:\Program Files\UtilityChest_49\bar\1.bin\49brmon.exe moved successfully.
C:\Program Files\Vuze Remote Toolbar\Res\Lang folder moved successfully.
C:\Program Files\Vuze Remote Toolbar\Res folder moved successfully.
Folder move failed. C:\Program Files\Vuze Remote Toolbar\IE\7.1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Vuze Remote Toolbar\IE scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Vuze Remote Toolbar scheduled to be moved on reboot.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot\GC folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Users\anthony's\AppData\Local\ofl8br2sh1704f74n2enxlo7ywh501 moved successfully.
C:\ProgramData\ofl8br2sh1704f74n2enxlo7ywh501 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: anthony's
->Temp folder emptied: 799195 bytes
->Temporary Internet Files folder emptied: 314607080 bytes
->Java cache emptied: 2637096 bytes
->Flash cache emptied: 55489 bytes

#12
GEEgee57

Should I do the quick scan now or no?

#13
Jasmyne

Yes, go ahead with the OTL scan, but instead of a Quick Scan, paste this line:
dir C:\ /S /A:L /C
into the Custom Scan box, select Scan All Users as we've done previously, and then click Run Scan. It will get our new scan and check to see if the other was fixed with the batch file previously as well. :)

#14
GEEgee57

Ok great...it's running now....

#15
GEEgee57

OTL logfile created on: 5/22/2013 3:35:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.16% Memory free
5.98 Gb Paging File | 4.78 Gb Available in Paging File | 79.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 117.57 Gb Free Space | 39.45% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.83 Gb Free Space | 98.18% Space Free | Partition Type: FAT

Computer Name: ANTHONYS-PC | User Name: anthony's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2013/03/27 16:18:02 | 001,098,072 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
PRC - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/03/23 02:28:51 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\UtilityChest_49\bar\1.bin\49barsvc.exe
PRC - [2013/02/13 19:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
PRC - [2013/02/13 19:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files\SAMSUNG\Kies\Kies.exe
PRC - [2013/02/06 05:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\SAMSUNG\Kies\KiesAirMessage.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 18:15:22 | 001,523,712 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
PRC - [2012/10/05 16:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/04/25 17:52:37 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\waol.exe
PRC - [2011/04/25 17:52:36 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6b\shellmon.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/26 17:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/10/25 15:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010/10/25 15:40:08 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/24 14:35:02 | 002,459,192 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1294466277\ee\aolsoftware.exe
PRC - [2009/11/04 19:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/12/31 15:46:20 | 000,286,720 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\uBBMonitor.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/21 03:20:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/21 03:20:38 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\33125250f48dd834dde012979858b39f\System.Deployment.ni.dll
MOD - [2013/05/21 03:20:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/21 03:20:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/15 03:14:09 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\1770f4fb3b437d05badf13679e8ff0bd\System.ServiceModel.Routing.ni.dll
MOD - [2013/05/15 03:14:08 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6f750662bfef47bb20c17230472d8e7f\System.ServiceModel.Discovery.ni.dll
MOD - [2013/05/15 03:14:07 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d30d2f75af7cdf3880c1b5d1a2622d81\System.ServiceModel.Channels.ni.dll
MOD - [2013/05/15 03:13:56 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\950a487ee233b20ac56f1e2fbe7b29f6\System.ServiceModel.Activities.ni.dll
MOD - [2013/05/15 03:13:54 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\ce2164d32e319ee1d047119316c19557\System.IdentityModel.ni.dll
MOD - [2013/05/15 03:13:52 | 018,123,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\35f10af8371c9953294e6bdc86b5458b\System.ServiceModel.ni.dll
MOD - [2013/05/15 03:13:31 | 001,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b24c65edc1e2688b3f42830b0c620492\System.ServiceModel.Web.ni.dll
MOD - [2013/05/15 03:11:25 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\8d615f862df4bbbce1e8db9d54e3f394\DevicePodcast.ni.dll
MOD - [2013/05/15 03:11:23 | 000,299,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\eddd2c10f7f26c7d9bc829d58a242107\DeviceVideo.ni.dll
MOD - [2013/05/15 03:11:22 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\ab17b49c15978762fa850b26cbf40381\DevicePhoto.ni.dll
MOD - [2013/05/15 03:11:21 | 000,305,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\d99262faddfef2aa5a9ebc3e3c8ec32a\DeviceMusic.ni.dll
MOD - [2013/05/15 03:11:20 | 000,473,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\42181272db5142f8c30b840f9e332f74\VideoManager.ni.dll
MOD - [2013/05/15 03:11:18 | 000,776,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\e0814673978d88e7ef315affeea8306a\PhotoManager.ni.dll
MOD - [2013/05/15 03:11:16 | 001,929,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\06fb33fe1cebe31db02a7eac1a0eff14\Phonebook.ni.dll
MOD - [2013/05/15 03:11:12 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\acf17db7e1bedb24137cf5762b5e0bbe\MusicManager.ni.dll
MOD - [2013/05/15 03:11:10 | 000,403,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\c3454a3e90594f92a4f72e1f3ef5b79b\BATPlugin.ni.dll
MOD - [2013/05/15 03:11:05 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\3a2e264f8b8bf90827c54222d425a119\Kies.Common.MediaDB.ni.dll
MOD - [2013/05/15 03:11:04 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\271b23fa48ab76fec3869dfd4ea08bf4\Kies.Common.AllShare.ni.dll
MOD - [2013/05/15 03:11:03 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\9f9c16840f99762681d5d22b513d9d16\Kies.Common.DBManager.ni.dll
MOD - [2013/05/15 03:11:02 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\24406f57b2cb550f87abd0550114e270\Kies.Common.MainUI.ni.dll
MOD - [2013/05/15 03:11:01 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\99c314ad36cb327c59650b7dd4fcc8b8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/05/15 03:11:00 | 000,572,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ebb02b742bfeaea2f90a1aa3d99c37bb\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/05/15 03:10:59 | 001,098,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\79b19561e6e7dbe53b4de73806587710\Kies.Common.DeviceService.ni.dll
MOD - [2013/05/15 03:10:56 | 001,138,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\2e03016472dc796c1019d0bd36f97f06\Podcaster.ni.dll
MOD - [2013/05/15 03:10:52 | 000,732,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\316826735a887022bed5d0f8356c3a8a\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/05/15 03:10:41 | 000,926,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c16c6f9947a9e8252dea5c6029aa6150\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/05/15 03:10:37 | 002,209,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\1186a79a1a50b9457dd18371fa291f75\Kies.Common.Multimedia.ni.dll
MOD - [2013/05/15 03:10:33 | 000,628,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\718b3bb48bb3216ad901c16c4c548239\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/05/15 03:10:25 | 006,797,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\3dc0083c87f0f44adde05b180aea3209\DeviceHost.ni.dll
MOD - [2013/05/15 03:10:15 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\c3080b42764ab8ddebed6db271335002\Kies.Common.Util.ni.dll
MOD - [2013/05/15 03:10:14 | 001,928,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\23211ec645a6c9ef85d69795920f3e8f\Kies.UI.ni.dll
MOD - [2013/05/15 03:10:11 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/05/15 03:10:10 | 001,246,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\ba1f218cdc4b19c824a8e8159fb4ed92\Kies.Interface.ni.dll
MOD - [2013/05/15 03:09:42 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\2bb04ca46f8374826e4e6cafae120aa1\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 03:09:41 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c9508bbbee390fa5c287a84d1a88d7d9\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 03:09:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\3801a5e161089434ffe30b9350881308\System.Xml.Linq.ni.dll
MOD - [2013/05/15 03:09:36 | 002,115,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\3de72d3e20498c62099e85da7fd44b3c\Kies.ni.exe
MOD - [2013/05/15 03:06:38 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013/05/15 03:06:25 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013/05/15 03:06:21 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll
MOD - [2013/05/15 03:06:18 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013/05/15 03:06:09 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013/05/15 03:06:03 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013/03/18 08:10:10 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\17b4a6296ab10e2cf9a1a54a73a13ec4\System.WorkflowServices.ni.dll
MOD - [2013/03/18 07:39:43 | 017,357,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\0f4155c806e86a023b835d9070774f89\Kies.Theme.ni.dll
MOD - [2013/03/18 07:39:41 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1b6f3c9a32cd1976fb79b2445e586939\DummyStorePlugin.ni.dll
MOD - [2013/03/18 07:39:13 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\3c6667cbc29155082e58137643a1dff1\Kies.Common.StoreManager.ni.dll
MOD - [2013/03/18 07:39:12 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013/03/18 07:39:09 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\657f2c28fc2068324d9b0f1d9d596361\Kies.Common.CRMManager.ni.dll
MOD - [2013/03/18 07:39:07 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\7296ee8d41eeb2bcc543df81eea19ebe\Interop.FUSCryptLib.ni.dll
MOD - [2013/03/18 07:39:05 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9a1d52e92dab2e5f906e4edae93b8b8c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/03/18 07:39:04 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\fa06b799153f9c28c1866319b3db5580\Interop.DevFileServiceLib.ni.dll
MOD - [2013/03/18 07:38:18 | 000,040,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d77da7b6668e27f63af7da941e221304\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/03/18 07:38:01 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013/03/18 07:38:01 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/03/18 07:38:01 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/03/18 07:38:00 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/03/18 07:38:00 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\29e8db641e3708219f13d2a3b7528278\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/03/18 07:37:52 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\ed97f510e91aff4e4f00987ec1fb8b70\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013/03/18 07:37:51 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ec1f5148809454e7dd63148636a05b2\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/03/18 07:37:30 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013/03/18 07:37:28 | 001,599,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\5cf4d41e6de5af4c27e7b66b172f73df\Kies.Locale.ni.dll
MOD - [2013/03/18 07:37:28 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013/03/18 07:37:27 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\48c087dd6e18fcbd057e0b1dd6cfa2fd\Kies.MVVM.ni.dll
MOD - [2013/03/18 07:37:01 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013/03/18 07:36:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013/03/18 07:35:45 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\a9ecbe8beef8c04f60f9127ec6599abf\SMDiagnostics.ni.dll
MOD - [2013/03/18 07:35:32 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013/03/18 07:26:05 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013/03/18 07:25:53 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013/03/18 07:25:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013/03/18 07:25:40 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013/03/18 07:25:30 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013/02/14 04:25:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:24:50 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/09 04:31:23 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 04:26:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:26:14 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/01/09 04:26:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 04:25:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 04:25:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 04:25:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/10 18:21:34 | 000,094,208 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\DrmHelper.dll
MOD - [2012/10/10 18:20:24 | 002,093,056 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\STBServer.dll
MOD - [2012/10/10 18:19:50 | 007,344,128 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\VaultMediaClient.dll
MOD - [2012/10/10 18:17:38 | 001,380,352 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\CoreApp.dll
MOD - [2012/10/10 18:16:58 | 001,232,896 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\VideoTranscoder.dll
MOD - [2012/10/10 18:15:22 | 001,523,712 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe
MOD - [2012/10/10 18:14:56 | 000,286,720 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\AudioTranscoder.dll
MOD - [2012/10/10 18:14:46 | 002,449,408 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\Core.dll
MOD - [2012/10/10 18:11:52 | 000,307,200 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\id3lib.dll
MOD - [2012/10/10 18:11:52 | 000,217,088 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\Release\RSAEncrypt.dll
MOD - [2011/09/24 19:58:22 | 001,502,552 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-292394957-402572938-3920472687-1001\Indiv01.key
MOD - [2011/09/07 12:39:34 | 000,066,664 | ---- | M] () -- C:\Program Files\Verizon\Verizon Media Manager\3ivx\libfaac.dll
MOD - [2011/04/25 17:52:37 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6b\zlib.dll
MOD - [2010/10/25 15:36:22 | 000,119,864 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2006/11/08 15:58:38 | 000,449,280 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia Extreme\BackUp & Recorder\fpxlib.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/05/17 02:13:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/03/27 16:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/23 02:28:51 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\UtilityChest_49\bar\1.bin\49barsvc.exe -- (UtilityChest_49Service)
SRV - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/12/21 04:04:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/26 17:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/10/25 15:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ANTHON~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/05/19 19:37:40 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/02/06 07:42:10 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/02/06 07:42:08 | 000,181,784 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/06/24 22:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/07 17:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/01/13 01:33:38 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/24 16:53:40 | 001,170,304 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA706.sys -- (AVerA706)
DRV - [2009/07/13 19:51:24 | 000,026,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonydcam.sys -- (sonydcam)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/02/19 15:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/05/28 13:54:38 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/05/28 13:54:38 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/01/30 10:56:02 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2008/01/10 17:59:44 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)
DRV - [2007/08/23 08:29:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/08/23 08:29:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/08/23 08:29:46 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/08/03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/28 11:44:58 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/06/28 11:44:16 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\anthony's\Documents\Vuze Downloads
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://searchservice...q={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{54B7D308-B001-4C6A-BAC8-1A7D1E8D6128}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...n=2.5.15001.521
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..\SearchScopes\{BF5F9A54-B026-40D7-B22A-8647AA51BEBF}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-292394957-402572938-3920472687-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/02/09 01:13:03 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/05/20 12:04:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1294466277\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6b\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-292394957-402572938-3920472687-1001..\Run: [Verizon Media Manager] C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe ()
O4 - Startup: C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-292394957-402572938-3920472687-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} https://www.mydlink..../camclictrl.cab (Camera Stream Client Control Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1ABD02CB-7F71-4374-94F6-EFD8A6737B9F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -HS- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/22 14:23:54 | 000,000,000 | ---D | C] -- C:\Users\anthony's\Desktop\fix.bat
[2013/05/22 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\anthony's\Desktop\fix
[2013/05/21 03:01:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/21 03:01:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/21 03:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/21 03:01:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/21 03:01:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/21 03:01:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/21 03:01:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/21 03:01:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/20 17:12:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/20 17:12:17 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/20 17:11:59 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/20 17:11:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/20 17:11:51 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/20 12:04:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/05/20 11:51:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/20 11:51:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/20 11:51:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/20 11:51:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/20 11:51:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/19 21:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2013/05/19 19:38:00 | 000,000,000 | ---D | C] -- C:\Users\anthony's\AppData\Roaming\Malwarebytes
[2013/05/19 19:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/19 19:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/19 19:37:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/19 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/17 01:58:48 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/05/17 01:21:12 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 01:21:12 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/16 15:47:46 | 000,000,000 | ---D | C] -- C:\NBRT
[2013/05/10 01:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2013/05/10 00:40:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Verizon_Android
[2013/05/07 07:44:41 | 000,000,000 | ---D | C] -- C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/29 01:57:57 | 000,000,000 | ---D | C] -- C:\Users\anthony's\AppData\Roaming\vlc
[2011/05/23 04:47:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\anthony's\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/05/22 15:20:53 | 000,015,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 15:20:53 | 000,015,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 15:14:03 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 15:13:45 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/05/22 15:13:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/22 15:13:11 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/22 15:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/22 14:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 11:33:47 | 000,326,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/22 11:33:47 | 000,045,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/22 04:07:53 | 1617,280,647 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/21 03:19:35 | 000,292,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/20 12:04:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/20 11:35:14 | 000,001,367 | ---- | M] () -- C:\Users\anthony's\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/19 21:41:54 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/05/19 21:41:54 | 000,001,754 | ---- | M] () -- C:\Users\anthony's\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/05/19 19:37:58 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 19:37:40 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/17 02:13:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/17 02:13:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 01:57:01 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2013/05/22 04:07:53 | 1617,280,647 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/20 11:51:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/20 11:51:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/20 11:51:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/20 11:51:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/20 11:51:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/19 19:37:58 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/19 19:37:40 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/05/17 01:21:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/07 07:44:41 | 000,001,373 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/29 01:57:01 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/02/05 17:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/01/21 01:19:32 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2013/01/21 01:19:32 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2013/01/09 02:27:15 | 000,127,744 | ---- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2012/11/07 01:14:05 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012/01/10 17:23:31 | 001,237,200 | ---- | C] () -- C:\Windows\System32\DcsCliCtrl.dll
[2011/07/10 11:22:18 | 000,000,000 | ---- | C] () -- C:\Users\anthony's\AppData\Local\{C10DF118-4E4D-4F74-A25A-BB4E9082CE9B}
[2011/07/01 07:03:41 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/07/01 07:02:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/23 04:48:59 | 000,001,057 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\vso_ts_preview.xml
[2011/05/23 04:47:00 | 000,087,608 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\inst.exe
[2011/05/23 04:47:00 | 000,007,887 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\pcouffin.cat
[2011/05/23 04:47:00 | 000,001,144 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\pcouffin.inf
[2011/04/09 09:07:57 | 000,213,187 | ---- | C] () -- C:\Users\anthony's\AppData\Roaming\MMUpgrade.jpg
[2011/01/06 21:28:13 | 000,033,280 | ---- | C] () -- C:\Users\anthony's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/01 16:52:13 | 000,000,017 | ---- | C] () -- C:\Users\anthony's\AppData\Local\resmon.resmoncfg
[2010/12/24 18:44:18 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\SHELL32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 06D5-44EA
Directory of C:\
07/14/2009 12:53 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:53 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:53 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:53 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:53 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\anthony's
12/18/2010 02:07 PM <JUNCTION> Application Data [C:\Users\anthony's\AppData\Roaming]
12/18/2010 02:07 PM <JUNCTION> Cookies [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Cookies]
12/18/2010 02:07 PM <JUNCTION> Local Settings [C:\Users\anthony's\AppData\Local]
12/18/2010 02:07 PM <JUNCTION> My Documents [C:\Users\anthony's\Documents]
12/18/2010 02:07 PM <JUNCTION> NetHood [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/18/2010 02:07 PM <JUNCTION> PrintHood [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/18/2010 02:07 PM <JUNCTION> Recent [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Recent]
12/18/2010 02:07 PM <JUNCTION> SendTo [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\SendTo]
12/18/2010 02:07 PM <JUNCTION> Start Menu [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Start Menu]
12/18/2010 02:07 PM <JUNCTION> Templates [C:\Users\anthony's\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\anthony's\AppData\Local
12/18/2010 02:07 PM <JUNCTION> Application Data [C:\Users\anthony's\AppData\Local]
12/18/2010 02:07 PM <JUNCTION> History [C:\Users\anthony's\AppData\Local\Microsoft\Windows\History]
12/18/2010 02:07 PM <JUNCTION> Temporary Internet Files [C:\Users\anthony's\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\anthony's\Documents
12/18/2010 02:07 PM <JUNCTION> My Music [C:\Users\anthony's\Music]
12/18/2010 02:07 PM <JUNCTION> My Pictures [C:\Users\anthony's\Pictures]
12/18/2010 02:07 PM <JUNCTION> My Videos [C:\Users\anthony's\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:53 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:53 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:53 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:53 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:53 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:53 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:53 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:53 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:53 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:53 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
10/10/2012 01:54 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
10/10/2012 01:54 AM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
10/10/2012 01:54 AM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
10/10/2012 01:54 AM <JUNCTION> My Documents [C:\Users\Guest\Documents]
10/10/2012 01:54 AM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/10/2012 01:54 AM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/10/2012 01:54 AM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
10/10/2012 01:54 AM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
10/10/2012 01:54 AM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
10/10/2012 01:54 AM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
10/10/2012 01:54 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
10/10/2012 01:54 AM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
10/10/2012 01:54 AM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
10/10/2012 01:54 AM <JUNCTION> My Music [C:\Users\Guest\Music]
10/10/2012 01:54 AM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
10/10/2012 01:54 AM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:53 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:53 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:53 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
01/03/2013 11:29 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
01/03/2013 11:29 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
01/03/2013 11:29 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
01/03/2013 11:29 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
01/03/2013 11:29 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
70 Dir(s) 126,241,656,832 bytes free

< End of report >